SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
MCTS: Configuring Windows Firewall And Network Access Protection
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 802.1X enforcement uses one of two methods to control which level of access compliant - noncompliant - and unauthenticated computers receive:
An access control list (ACL) - A virtual local area network (VLAN)
meets health requirements
Request Policy
drops
2. You can configure client NAP settings using the three subnodes:
DHCP servers
Enforcement Clients - User Interface Settings - Health Registration Settings
logging
Win 7 - Win Vista - and Win XP SP3
3. By default - Windows Firewall (as well as most other firewalls) ______.
4. Win 7 - Win Vista - Win Server 2008 - Win Server 2008 R2 - and Win XP SP3 include an ______ that monitors Windows Security Center settings.
compliant - noncompliant - and unauthenticated
health state
SHA
compliant - noncompliant
5. One of the most powerful ways to increase computer security is to configure firewall ______.
Enforcement Clients - User Interface Settings - Health Registration Settings
scope
compliant - noncompliant
SHA
6. The only time you would want to configure the scope using the ______ group is when the computer is configured with multiple IP addresses - and you do not want to accept connections on all IP addresses.
802.1X access points
health state
Local IP Address
per-IP address or a per-TCP/UDP port number
7. If you use Remote Desktop to allow users to control their desktops from remote computers across the Internet - you can use the ______ enforcement type to block access unless the client computer passes a health check.
Network Policy And Access Services
System Statement of Health Response (SSoHR)
RD Gateway
Win 7 - Win Vista - and Win XP SP3
8. This installs the core NPS service - which is sufficient for using the Win Server 2008 computer as a RADIUS server for ______ - ______ - or ______ enforcement.
User Interface Settings
802.1X - VPN - or DHCP
drops
System Health Validators (SHVs)
9. When deploying NAP - plan to implement it in ______ mode first. This will allow you to identify and fix noncompliant computers before preventing them from connecting to your network.
RD Gateway
per-IP address or a per-TCP/UDP port number
Remediation server group
monitoring-only
10. ______ enforcement does not provide remediation.
System Health Validators (SHVs)
RD Gateway
System Health Agents (SHAs)
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
11. With VPN server enforcement enabled - only ______ are granted unlimited network access.
worms
compliant client computers
firewalls
meets health requirements
12. If an application must accept incoming connections but the developers have not documented the communication ports that the application uses - you can use the ______ tool to identify which ports the application listens on.
compliant - noncompliant
Network policy
drops
Netstat
13. The ______ defines health requirements using SHV settings. Separate ______ must exist for both compliant and noncompliant clients.
Remote Desktop Gateways (RD Gateway).
Enforcement Clients - User Interface Settings - Health Registration Settings
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
Health policy - health policies
14. The NAP health policy server sends the SSoHR back to the NAP client through the NAP enforcement point. The NAP enforcement point can now connect a ______ computer to the network or connect a ______ computer to a remediation network.
requirement policies
compliant - noncompliant
RADIUS
health state
15. Configure the ______ policy to provide customized text (and - optionally - an image) that users will see as part of the NAP client interface.
Domain - Private - Public
System Health Agents (SHAs) - System Health Validators (SHVs)
scope
User Interface Settings
16. Which versions of Windows can act as NAP clients?
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
requirement policies
logging
domain controller
17. The Domain firewall profile applies whenever a computer can communicate with its ______.
SoHR
network access
scope
domain controller
18. The NAP health policy server combines the SoHRs from the multiple SHVs into a ______.
Local IP Address
Connection request policy
System Statement of Health Response (SSoHR)
compliant - noncompliant - and unauthenticated
19. The ______ enforcement type uses Ethernet switches or wireless access points that support 802.1X authentication.
communicate only with other
802.1X access points
netsh nap client show state
RD Gateway
20. NAP ______ allows you to identify noncompliant computers.
Network policy
DHCP servers
logging
RD Gateway
21. Each SHA on the NAP client validates its system health and generates an SoH. The NAP client combines the SoHs from multiple SHAs into a ______ - which includes version info for the NAP client and the set of SoHs for the installed SHAs.
requirement policies
Remediation server group
System Statement of Health (SSoH)
Netstat
22. In networking - ______ analyze communications and drop packets that haven't been specifically allowed.
Windows Firewall With Advanced Security
compliant client computers
Win 7 - Win Vista - and Win XP SP3
firewalls
23. Each SHV produces a _____ - which can contain remediation instructions (such as the version number of an antivirus signature file) if the client doesn't meet that SHV's health requirements.
SoHR
netsh nap client show state
802.1X - VPN - or DHCP
Statement of Health Response (SoHR)
24. NAP depends on a Win Server 2008 or Win Server 2008 R2 NAP health policy server - which acts as a ______ server - to evaluate the health of client computers.
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
RADIUS
Remediation server group
A certification authority - A web application
25. You need to create outbound firewall rules only when you configure outbound connections to be ______.
meets health requirements
SHA
Enforcement Clients
blocked by default
26. Use the ______ snap-in to create an inbound firewall rule that allows a server application to receive incoming connections.
Windows Firewall With Advanced Security
System Statement of Health (SSoH)
do not filter
SoHR
27. Which NAP enforcement types do not require support from your network infrastructure?
Enforcement Clients - User Interface Settings - Health Registration Settings
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
compliant - noncompliant - and unauthenticated
System Health Validators (SHVs)
28. Health ______ determine which clients must meet health requirements - what those health requirements are - and what happens if a client cannot comply.
IPsec connection security
Statement of Health Response (SoHR)
monitoring-only
requirement policies
29. A group of servers that noncompliant clients can access is a ______.
worms
System Statement of Health Response (SSoHR)
Remediation server group
Local IP Address
30. The ______ enforcement type requires clients to perform a NAP health check before they can receive a health certificate.
IPsec connection security
drops
Network Policy And Access Services
An access control list (ACL) - A virtual local area network (VLAN)
31. The ______ enforcement type uses a computer running Win Server 2008 or Win Server 2008 R2 and the DHCP Server service that provides IP addresses to intranet clients.
DHCP servers
Group Policy
blocks any inbound traffic that hasn't been specifically allowed
User Interface Settings
32. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
Network Policy And Access Services
System health validators
SoHR
IPsec connection security
33. VLANs are identified using a VLAN identifier - which must be configured on the switch itself. You can then use NAP to specify in which VLAN the ______ computers are placed.
compliant - noncompliant - and unauthenticated
RD Gateway
Group Policy
System Health Agents (SHAs) - System Health Validators (SHVs)
34. With 802.1X - compliant computers are granted full network access - and noncompliant computers are connected to a ______ network or completely prevented from connecting to the network.
System Statement of Health (SSoH)
compliant - noncompliant
remediation
Domain - Private - Public
35. After configuring the NPS server - you must configure client computers for NAP. The easiest way to do this is to use ______ node.
per-IP address or a per-TCP/UDP port number
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
Request Policy
36. With the DHCP servers enforcement type - only ______ computers receive an IP address that grants full network access; ______computers are granted an IP address with a subnet mask of 255.255.255.255 and no default gateway.
An access control list (ACL) - A virtual local area network (VLAN)
Enforcement Clients
noncompliant - compliant
compliant - noncompliant
37. Windows Firewall ______ identifies connections that Windows Firewall allows or blocks.
logging
compliant - noncompliant
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
Network Access Protection (NAP)
38. By default - all versions of Windows (including Win Srvr 2008 R2) ______ outbound traffic.
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
Network policy
Request Policy
do not filter
39. If a computer falls out of compliance after connecting to the 802.1X network - the 802.1X network access device can change the computer's ______.
Domain - Private - Public
compliant client computers
RD Gateway
network access
40. NAP health validation takes place between two components:
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
System Statement of Health Response (SSoHR)
blocked by default
System Health Agents (SHAs) - System Health Validators (SHVs)
41. The ______ type enforces NAP for remote access connections using a VPN server running Win Server 2008 or Win Server 2008 R2 and Routing and Remote Access.
VPN servers
Windows Firewall With Advanced Security
Local IP Address
per-IP address or a per-TCP/UDP port number
42. Use the ______ subnode to configure cryptographic settings for NAP clients (the default settings are typically fine).
compliant - noncompliant
IPsec connection security
Network policy
Request Policy
43. NAP is designed to connect hosts to different network resources depending on their current ______.
System Statement of Health Response (SSoHR)
health state
compliant client computers
worms
44. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.
User Interface Settings
drops
Local IP Address
health policy server
45. Typically - you apply an ACL to ______ computer connections and allow ______ computers to connect without an ACL (thus granting them unlimited network access).
noncompliant - compliant
compliant - noncompliant
An access control list (ACL) - A virtual local area network (VLAN)
health policy server
46. The NAP health policy server uses the ______ to determine the level of access the client computer should have and whether any remediation is necessary.
IPsec connection security
Windows Firewall With Advanced Security
A certification authority - A web application
SoHR
47. A health requirement policy is a combination of the following:
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
Statement of Health Response (SoHR)
Remediation server group
Request Policy
48. Win Server 2008 and Win Server 2008 R2 include an SHV that corresponds to the SHA built into Windows ______.
Win 7 - Win Vista - and Win XP SP3
Domain - Private - Public
worms
communicate only with other
49. To install NAP - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
An access control list (ACL) - A virtual local area network (VLAN)
Network Policy And Access Services
requirement policies
logging
50. The firewall profiles are:
Network Access Protection (NAP)
per-IP address or a per-TCP/UDP port number
Enforcement Clients - User Interface Settings - Health Registration Settings
Domain - Private - Public