ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-413 All Questions

View all questions & answers for the 70-413 exam
Go to Exam

Exam 70-413 topic 1 question 122 discussion

Actual exam question from Microsoft's 70-413
Question #: 122
Topic #: 1
[All 70-413 Questions]

DRAG DROP -
You manage a server named WAP01 that has the Web Application Proxy feature deployed. You deploy a web application named WebApp1 to a server named
WEB01. WAP01 and WEB01 both run Microsoft Windows Server 2012 R2 and are members of the Active Directory Domain Services (AD DS) domain named corp.contoso.com.
You have the following requirements:
✑ WebApp1 must be available internally at URL https://webappl.corp.contoso.com by using Kerberos authentication.
WebApp1 must be available externally at URL https://webappl.contoso.net by using Active Directory Federation Services (AD FS) authentication.

You need to configure computer accounts.
How should you complete the relevant Windows PowerShell commands? To answer, drag the appropriate Windows PowerShell segment to the correct location.
Each Windows PowerShell segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
First, create SPN for Kerberos auth, and then set up delegation. Allow WAP01 to delegate auth for SPN. WAP01 handles URL translation. External users hit
WAP01 and get delegated auth to WebApp on WEB01.
Reference:
https://blogs.uw.edu/kool/2016/10/26/kerberos-delegation-in-active-directory/ https://4sysops.com/archives/how-to-configure-computer-delegation-with-powershell/ https://docs.microsoft.com/en-us/windows/desktop/ad/name-formats-for-unique-spns https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn383995(v%3Dws.11)
by spam at Feb. 14, 2020, 4:07 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
spam
5 years, 5 months ago
Right. Box 1: WEB01 Box 2: http/webapp1.contoso.net -> see format for SPN name. /: Box 3: WAP01 Box 4: http/webapp1.contoso.net First, create SPN for Kerberos auth, and then set up delegation. Allow WAP01 to delegate auth for SPN. WAP01 handles URL translation. External users hit WAP01 and get delegated auth to WebApp on WEB01. https://blogs.uw.edu/kool/2016/10/26/kerberos-delegation-in-active-directory/ https://4sysops.com/archives/how-to-configure-computer-delegation-with-powershell/ https://docs.microsoft.com/en-us/windows/desktop/ad/name-formats-for-unique-spns https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn383995(v%3Dws.11)
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel