Test your basic knowledge |

MCTS: Configuring Windows Firewall And Network Access Protection

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The NAP health policy server sends the SSoHR back to the NAP client through the NAP enforcement point. The NAP enforcement point can now connect a ______ computer to the network or connect a ______ computer to a remediation network.






2. In networking - ______ analyze communications and drop packets that haven't been specifically allowed.






3. If you use Remote Desktop to allow users to control their desktops from remote computers across the Internet - you can use the ______ enforcement type to block access unless the client computer passes a health check.






4. The NAP health policy server combines the SoHRs from the multiple SHVs into a ______.






5. IPsec enforcement requires a CA running Win Server ______ or ________ Certificate Services and NAP to support health certificates.






6. NAP is designed to connect hosts to different network resources depending on their current ______.






7. The 802.1X access point applies the ACL to the connection and ______ all packets that are not allowed by the ACL.






8. You can also use IPsec connection security to allow healthy computers to ______ healthy computers.






9. You need to create outbound firewall rules only when you configure outbound connections to be ______.






10. Health ______ determine which clients must meet health requirements - what those health requirements are - and what happens if a client cannot comply.






11. The ______ are the server components that analyze the SoH generated by the SHA and create an SoH Response (SoHR).






12. VLANs are identified using a VLAN identifier - which must be configured on the switch itself. You can then use NAP to specify in which VLAN the ______ computers are placed.






13. Installing the HRA role service configures the following:






14. A health requirement policy is a combination of the following:






15. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.






16. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.






17. Configure the ______ policy to provide customized text (and - optionally - an image) that users will see as part of the NAP client interface.






18. Each SHA on the NAP client validates its system health and generates an SoH. The NAP client combines the SoHs from multiple SHAs into a ______ - which includes version info for the NAP client and the set of SoHs for the installed SHAs.






19. For NAP to work - a network component must enforce NAP by either allowing or denying network access. The following list describes the different NAP enforcement types you can use:






20. The firewall profiles are:






21. The only time you would want to configure the scope using the ______ group is when the computer is configured with multiple IP addresses - and you do not want to accept connections on all IP addresses.






22. The NAP health policy server uses its installed SHVs and the health requirement policies that you have configured to determine whether the NAP client ______.






23. The NAP health policy server uses the ______ to determine the level of access the client computer should have and whether any remediation is necessary.






24. Which versions of Windows can act as NAP clients?






25. The Private profile must be ______ applied to a network. The Public profile applies any time a ______ is not available - and a network has not been configured as Private.






26. The ______ defines the level of network access clients get based on which health policy they match.






27. You can quickly verify a client's configuration by running the following command at a command prompt:






28. After configuring the NPS server - you must configure client computers for NAP. The easiest way to do this is to use ______ node.






29. ______ is the most effective way to configure firewall settings for all computers in a domain.






30. A ______ determines whether a request should be processed by NPS.






31. The Domain firewall profile applies whenever a computer can communicate with its ______.






32. Use the ______ snap-in to create an inbound firewall rule that allows a server application to receive incoming connections.






33. In the case of _____ - automated software attacks computers across the Internet - gains elevated privileges - copies itself to the compromised computer - and then begins attacking other computers (typically at random).






34. By default - all versions of Windows (including Win Srvr 2008 R2) ______ outbound traffic.






35. NAP health validation takes place between two components:






36. Use the ______ subnode to configure an HRA for IPsec NAP clients to use.






37. When deploying NAP - plan to implement it in ______ mode first. This will allow you to identify and fix noncompliant computers before preventing them from connecting to your network.






38. A group of servers that noncompliant clients can access is a ______.






39. ______ enforcement does not provide remediation.






40. IPsec enforcement allows you to require health compliance on a ______ or a ______ basis.






41. ______ define which health checks a client must meet to be considered compliant.






42. With 802.1X - compliant computers are granted full network access - and noncompliant computers are connected to a ______ network or completely prevented from connecting to the network.






43. Windows Firewall ______ identifies connections that Windows Firewall allows or blocks.






44. Win Server 2008 and Win Server 2008 R2 include an SHV that corresponds to the SHA built into Windows ______.






45. The ______ type enforces NAP for remote access connections using a VPN server running Win Server 2008 or Win Server 2008 R2 and Routing and Remote Access.






46. You must enable one policy to configure clients to use this enforcement type.






47. Typically - you apply an ACL to ______ computer connections and allow ______ computers to connect without an ACL (thus granting them unlimited network access).






48. To install NAP - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.






49. With VPN server enforcement enabled - only ______ are granted unlimited network access.






50. NAP ______ allows you to identify noncompliant computers.