Microsoft 70-411 Exam – Q120

Your network contains an Active Directory domain named All servers run Windows Server 2012 R2. The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server. Server1 provides VPN access to external users.

You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2.

What should you run?

A. Add-RemoteAccessRadius -ServerName Server1 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled
C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting
D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled

Correct Answer: C

The Add-RemoteAccessRadius cmdlet adds a new external RADIUS server for one of the following purposes:
— Accounting RADIUS configuration applies to both DirectAccess (DA) and VPN.
— One-time password (OTP) RADIUS configuration applies only to DA.
— Authentication RADIUS configuration applies only to VPN.

RADIUS server configuration for accounting and OTP is global in nature; that is, the configuration applies to the entire Remote Access deployment.

RADIUS server configuration for VPN applies only to a specific VPN server, to all servers in a load balancing cluster, or, if multi-site is deployed, to all VPN servers at a site.

The following describes aspects of this cmdlet's behavior.
— If a RADIUS server is currently being used for a specific purpose, then it can be added for an additional purpose using this cmdlet.

— The RADIUS server properties for authentication and accounting are the same except for the AccountingOnOffMsg parameter, which is applicable only to accounting RADIUS, and the MsgAuthenticator parameter, which is applicable only to authentication RADIUS. These properties are not relevant for DA OTP authentication.

— If a user tries to add a RADIUS server for a particular purpose but specifies a parameter that is not applicable to that purpose, then this cmdlet will still run, but the parameter will be ignored and a warning message will be issued. When adding a RADIUS server for OTP authentication, both of the parameters described above are ignored if specified.

— If the accounting configuration is Windows Server® 2012 accounting, then a user can switch to external RADIUS accounting by adding an external RADIUS server for the purpose of accounting.

— The following are some prerequisites for adding a RADIUS server.
—- A RADIUS server cannot be added for authentication when VPN is not installed.
—- A RADIUS server cannot be added for authentication when the authentication type is Windows or when local NPS is installed.
—- A RADIUS server cannot be added for the purpose of accounting when external RADIUS accounting is not enabled.
—- A RADIUS server cannot be added for the purpose of OTP authentication if OTP authentication is not enabled.
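
The accounting configuration from answer C, as an added example that is not part of the original question or of Microsoft's documentation: it replaces the literal "Secret" with a randomly generated shared secret, stops if a prerequisite from the list above is not met, and reads the entry back. It assumes an elevated session on Server1 with the RemoteAccess module available; the variable names are illustrative.

```powershell
# Added example. Assumes an elevated PowerShell session on Server1
# (Windows Server 2012 R2, Remote Access role, RemoteAccess module).
Import-Module RemoteAccess

$radiusServer = 'Server2'   # the RADIUS server named in the question

# Generate a random 256-bit shared secret (64 hex characters) rather than
# reusing a guessable literal such as "Secret".
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$secret = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''

try {
    # Answer C, with the generated secret. -ErrorAction Stop turns a failed
    # prerequisite into a terminating error that the catch block handles.
    Add-RemoteAccessRadius -ServerName $radiusServer -SharedSecret $secret `
        -Purpose Accounting -AccountingOnOffMsg Enabled `
        -ErrorAction Stop -WarningVariable radiusWarnings
}
catch {
    Write-Error "Could not add $radiusServer for accounting: $($_.Exception.Message)"
    return
}

# A parameter that does not apply to the chosen purpose is ignored with a
# warning, so a non-empty warning list means the call did less than asked.
if ($radiusWarnings) {
    Write-Output "Warnings raised while adding ${radiusServer}: $($radiusWarnings.Count)"
}

# Read the entry back to confirm Server2 is registered for accounting.
Get-RemoteAccessRadius -ServerName $radiusServer -Purpose Accounting

# The value in $secret must also be set on Server2's RADIUS client entry
# for Server1; transfer it over a protected channel and then clear it.
```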