Homework answers / question archive / Test Bank, Lesson 14 Configuring Network Access Protection (NAP) Multiple Choice 1) Network Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what? a

Test Bank, Lesson 14 Configuring Network Access Protection (NAP) Multiple Choice 1) Network Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what? a

Business

Share With

---

Test Bank, Lesson 14 Configuring Network Access Protection (NAP)

Multiple Choice

1) Network Access Protection (NAP) is Microsoft’s software for controlling network access of computers based on what?

a. a computer’s IP address and VLAN

b. a computer’s overall health

c. a computer’s Windows version

d. a computer’s network functionality (role)

 

2. Because NAP is provided by _________, you need to install _________ to install NAP.

a. NPS, NPS

b. DNS, NPS

c. DHCP, NPS

d. AD, NPS

 

3. DHCP enforcement is not available for what kind of clients?

a. mobile

b. remote dial-up

c. noncompliant

d. IPv6

 

4. Identify two remediation server types.

a. Anti-virus/anti-malware servers

b. Software update servers

c. Terminal servers

d. RRAS servers

5. What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?

a. Windows Server 2012

b. Windows Server 2008 R2

c. read-only

d. updated and compliant

 

6. When you fully engage NAP for remediation enforcement, what mode do you place the policy in?

a. enforcement

b. isolation

c. assessment

d. compliance

 

7. To verify a NAP client’s configuration, which command would you run?

a. netsh nap show state

b. netsh nap client show state

c. netsh nps nap show state

d. netsh nps nap agent state

 

 

8. Which two components must a NAP client have enabled in order to use NAP?

a. DHCP client

b. Windows Update

c. Security Center

d. NAP Agent

9. Why do you need a web server as part of your NAP remediation infrastructure?

a. to provide user information in case of a compliance failure

b. to provide Internet access to users who fail compliance

c. to redirect user requests for restored network access

d. to further assess how far out of compliance a user system is

 

10. Where do you look to find out which computers are blocked and which are granted access via NAP?

a. the local system’s Event Viewer

b. the AD Event Viewer

c. the RADIUS Server Event Viewer

d. the NAP Server Event Viewer

 

11. Health policies are in pairs. What are the members of the pair? Select two.

a. NAP-compliant

b. NAP-remedial

c. NAP-noncompliant

d. NAP-quarantined

 

 

12. You should restrict access only for clients that don’t have all available security updates installed if what situation exists?

a. the computers are running NAP

b. the computers are running SHA

c. the computers are running Windows Update

d. the computers are running anti-virus software

 

13. What happens to a computer that isn’t running Windows Firewall?

a. The computer is isolated.

b. The computer is powered off.

c. A server message is sent to the computer.

d. An event is logged.

 

 

14. Health policies are connected to what two other policies?

a. compliance policies

b. network policies

c. connection request policies

d. performance policies

 

 

15. To use the NAP-compliant policy, the client must do what?

a. pass 75% of the SHV checks

b. fail no more than 10% of the SHV checks

c. pass one of the SHV checks

d. pass all SHV checks

 

 

16. Which computers are not affected by VPN enforcement?

a. newly deployed computers

b. computers that access the LAN remotely

c. isolated computers

d. locally connected computers

 

 

Short Answer

 

17. How do noncompliant systems become compliant, if by network policy they’re denied access to the network?

 

 

18. Why is DHCP enforcement the weakest NAP enforcement method?

 

 

19. What is a remediation server?

 

 

20. What does DHCP set a client’s IP address and subnet mask to during isolation?

 

 

21. What is a Health Registration Authority (HRA)?

 

 

22. What is a Statement of Health (SoH)?

 

 

Best Answer

 

23. When enabling NAP for DHCP scopes, how should you roll out the service?

a. all at once

b. on test systems only

c. for individual computers

d. for individual DHCP scopes

 

 

24. What is the purpose of the System Health Agent (SHA)?

a. to provide feedback to the system for CPU, memory, and disk health

b. to provide feedback to the Security Health Validator (SHV)

c. to provide feedback on the status of system protection and updates

d. to provide feedback on overall critical performance to a central collector

 

25. Why is monitoring system health so important?

a. for hardware and software upgrade purposes

b. to track and prevent system failures

c. to prevent illegal downloading

d. to maintain a safe computing environment

 

26. Why would you set up a monitor-only NAP policy on your network?

a. You don’t want to force updates, which may include reboots, on client computers.

b. You are testing your NAP rollout before implementation.

c. You want to track compliance but not enforce it.

d. You are afraid that enforcement would violate privacy.

 

 

Build List

 

27. Order the following steps required to install the Network Policy Server.

a. On the Server Roles page, select Network Policy and Access Services.

b. Choose Server Manager > Manage > Add Roles and Features.

c. On the Authentication Requirements page, select the Yes, required requestors to be authenticated as members of a domain option.

d. Select Use the local CA to issue health certificates for this HRA server.

e. On the Select role services page, with the Network Policy Server selected, select Health Registration Authority.

f. Select Role-based or feature-based installation and select a server from the pool.

 

28. Order the following steps required to configure DHCP enforcement.

a. Install NPS on the DHCP server.

b. Enable the NAP DHCP Quarantine Enforcement Client and start the NAP service on NAP-capable client computers.

c. Configure a DHCP server and create the appropriate DHCP scopes.

d. Run the NAP Wizard to configure the connection request policy, network policy, and NAP health policy. Define the remediation severs, which noncompliant clients can access.

e. Enable NAP for individual DHCP scopes.

 

29. Order the following steps required to install the DHCP server.

a. Add Features and confirm installation.

b. Select Role-based or feature-based installation and select a server from the pool.

c. Open Server Manager > Manage > Add Roles and Features.

d. On the Server Roles page, select the DHCP Server.

30. Order the following steps required to configure NAP for DHCP server.

a. Specify DHCP Scopes and enter NAP DHCP.

b. Enter remediation computers by adding a New Group.

c. Enter the name of the Computer Group.

d. Select the Dynamic Host Configuration Protocol (DHCP) for the network connection method.

e. Configure NAP.

f. Enter a compliance URL.

g. Open the Network Policy Server console.

h. Define NAP Health Policy.

 

 

Repeated Answer

 

31. These Windows computers don’t typically move much and are part of the domain. Because they are part of the domain, they are easier to manage with group policies, managed anti-virus/anti-malware systems, and administrative control.

a. desktop computers

b. roaming laptops

c. unmanaged home computers

d. visiting laptops

 

 

32. These Windows computers are not usually connected directly to the network but connect through a VPN connection. Because they are usually personal computers, they are not part of the domain. Therefore, they usually do not get security updates and might not have an up-to-date anti-virus/anti-malware software package.

a. desktop computers

b. roaming laptops

c. unmanaged home computers

d. visiting laptops

 

 

33. These Windows computers are unmanaged computers often used by consultants or vendors who need to connect to your organization’s network. Because they are unmanaged, they might not have the newest up-to-date security patches and an up-to-date anti-virus/anti-malware software package.

a. desktop computers

b. roaming laptops

c. unmanaged home computers

d. visiting laptops

 

34. These Windows computers move often and might not be connected to the organization’s network office. Because they are typically part of the domain, they can be managed but might not get the newest updates because they are not always connected to the network.

a. desktop computers

b. roaming laptops

c. unmanaged home computers

d. visiting laptops