5.6 Flashcards
You are the network administrator for eastsim.com. The network consists of a single domain. All the servers
run Windows Server 2012 R2. All the clients run Windows 7 or Windows 8.
A server at the main office named NP1 runs the Network Access Policy (NPS) server role. You need to disable
IPv6 for all connections except for the tunnel interface and the IPv6 Loopback address.
What should you do?
Select Properties of the Local Area Connection and uncheck Internet Protocol Versions 6 (TCP/IPv6).
Run the netsh interface ipv6 delete command.
Run the IP6 rt command.
Run the IP6 if command.
Select Properties of the Local Area Connection and uncheck Internet Protocol Versions 6 (TCP/IPv6).
You are the server administrator for the westsim.com domain. Your network has a main office in Tulsa, with
a branch office in Norman.
You want to provide a site-to-site VPN solution to connect the two sites that supports NAP health certificates.
Which protocol should you use?
Layer Two Tunneling Protocol (L2TP)
Secure Socket Tunneling Protocol (SSTP)
Point-to-Point Tunneling Protocol (PPTP)
Internet Protocol Security (IPsec)
Internet Protocol Security (IPsec)
Several employees in your company have personal laptop computers that they bring to work and connect to
the company network. Because they often use these laptops while traveling or to help them do their jobs, you
can’t prevent them from connecting to the network. However, you are concerned that many of these
computers don’t have the latest security patches installed.
You want to implement a solution so that computers are checked for the latest security updates as they
connect to the network. If the required updates are missing, you want to prevent these computers from
having full access to the private network.
What should you do?
Implement Network Access Protection (NAP) with a quarantine network.
Configure Windows Server Update Services (WSUS) with Automatic Updates.
Configure a Software Installation policy in Group Policy.
Configure Software Restriction Policies in Group Policy.
Implement Network Access Protection (NAP) with a quarantine network.
You have decided to use Network Access Protection (NAP) with 802.1x authentication on your network. You
have already configured the necessary servers and services. Now you need to configure client computers to
connect to the network.
Which enforcement client should you enable on the client?
Remote Access Quarantine Enforcement Client
EAP Quarantine Enforcement Client
IPsec Relying Party
DHCP Quarantine Enforcement Client
RD Gateway Quarantine Enforcement Client
EAP Quarantine Enforcement Client
You have decided to implement Network Access Protection (NAP) with 802.1x authentication on your
network.
You have installed the Network Access and Policy Server role, configured the System Health Validator (SHV),
created health policies, and configured network policies.
Which additional steps will you need to perform to complete the configuration? (Select two. Each choice is a
possible action.)
Create a connection request policy that uses PEAP authentication and has quarantine checks enabled
Configure the enforcement point as a RADIUS client
Configure a Health Registration Authority (HRA)
In the network policy, configure VLAN memberships
Enable Network Access Protection on the scope of the DHCP server
Configure the enforcement point as a RADIUS client
In the network policy, configure VLAN memberships
You have decided to implement Network Access Protection (NAP) with IPsec on your network.
You have installed the NPS role, configured the System Health Validator (SHV), created health policies, and
configured network policies.
Which additional steps will you need to perform to complete the configuration? (Select two. Each choice is a
possible action.)
Enable Network Access Protection on the scope of the DHCP server
Configure connection authorization policies
Define restricted, boundary, and secure networks
Configure a Health Registration Authority (HRA)
Define restricted, boundary, and secure networks
Configure a Health Registration Authority (HRA)
You have decided to implement Network Access Protection (NAP) with RD Gateway on your network.
You have installed the NPS role, configured the System Health Validator (SHV), created health policies, and
configured network policies.
Which additional step will you need to perform to complete the configuration?
Enable Network Access Protection on the scope of the DHCP server
Configure a Health Registration Authority (HRA)
Configure connection authorization policies
Define restricted, boundary, and secure networks
Configure connection authorization policies
You have decided to implement Network Access Protection (NAP) with a VPN on your network.
You have installed the NPS role, configured the System Health Validator (SHV), created health policies, and
configured network policies.
Which additional step will you need to perform to complete the configuration?
Configure connection authorization policies
Configure a Health Registration Authority (HRA)
Create a connection request policy that uses PEAP authentication and has quarantine checks enabled
Define restricted, boundary, and secure networks
Create a connection request policy that uses PEAP authentication and has quarantine checks enabled
You have decided to implement Network Access Protection (NAP) on your network. You decide to create two
categories of computers:
Those that pass all health checks
Those that fail one or more health checks
Those that pass all checks should be granted full network access, while those that fail one or more should be granted access only to the quarantine network.
How should you configure NAP for this scenario? (Select two. Each choice is a required part of the solution.)
Configure two Network Policies
Configure one Network Policy
Configure two Health Policies
Configure one Health Policy
Configure two Network Policies
Configure two Health Policies
You have decided to implement Network Access Protection (NAP) on your network. You want to impose the
following restrictions:
Computers without antivirus software should not be allowed to connect.
Computers without the latest security updates should not be allowed to connect.
No other health checks should be performed.
Which NAP component would you modify to enable the health checks that should be performed when clients
attempt to connect?
Health Policy for non-compliant computers
Network Policy for non-compliant computers
System Health Validator (SHV)
Health Policy for compliant computers
Network Policy for compliant computers
System Health Validator (SHV)
You have decided to implement Network Access Protection (NAP) on your network. You want to impose the
following restrictions:
Computers without antivirus software should not be allowed to connect.
Computers without the latest security updates should not be allowed to connect.
No other health checks should be performed.
You create two health policies and two network policies: one each for compliant computers, and one each for
non-compliant computers. Only computers that pass all health checks should be allowed to connect to the
unrestricted network.
You perform a check of the configuration and find that a computer with antivirus software, but without the
latest security patches is allowed to connect. Another computer that has no antivirus software, but with the
required security updates is also allowed to connect. Only computers missing both the antivirus software and
the security updates are prevented from connecting.
You need to modify the configuration so that any client failing one or more health checks is not allowed to
connect
Which NAP component would you modify?
System Health Validator (SHV)
Network Policy
Health Registration Authority (HRA)
Health Policy
Health Policy
You have decided to implement Network Access Protection (NAP) on your network. You want to impose the
following restrictions:
Computers without antivirus software should not be allowed to connect.
Computers without the latest security updates should not be allowed to connect.
No other health checks should be performed.
You create two health policies and two network policies: one each for compliant computers, and one each for
non-compliant computers.
Which of the following settings would you choose when configuring the non-compliant health policy?
Client passes all SHV checks
Client passes one or more SHV checks
Client fails one or more SHV checks
Client fails all SHV checks
Client fails one or more SHV checks
You have decided to implement Network Access Protection (NAP) on your network. You want to impose the
following restrictions:
Computers without antivirus software should not be allowed to connect.
Computers without the latest security updates should not be allowed to connect.
No other health checks should be performed.
You create two health policies and two network policies: one each for compliant computers, and one each for
non-compliant computers. Only computers that pass all health checks should be allowed to connect to the
unrestricted network.
You are configuring the network policy for the non-compliant computers.
Which of the following will be part of the network policy configuration? (Select three.)
Enable health checks to verify antivirus software and security updates
For the client state, select Client fails one or more SHV checks
Identify remediation server groups that can be used
For NAP enforcement, select Allow limited access
Select the SHV used for validating client health
For authentication, choose Perform machine health check only
Identify remediation server groups that can be used
For NAP enforcement, select Allow limited access
For authentication, choose Perform machine health check only
