SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Configuring Windows Firewall And Network Access Protection
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. NAP ______ allows you to identify noncompliant computers.
Windows Firewall With Advanced Security
User Interface Settings
logging
System Statement of Health Response (SSoHR)
2. You need to create outbound firewall rules only when you configure outbound connections to be ______.
blocked by default
Win 7 - Win Vista - and Win XP SP3
2008 (or Windows Server 2008 R2)
compliant - noncompliant
3. With VPN server enforcement enabled - only ______ are granted unlimited network access.
An access control list (ACL) - A virtual local area network (VLAN)
compliant client computers
System Statement of Health Response (SSoHR)
Network Policy And Access Services
4. ______ allows you to verify that computers meet specific health requirements before granting them unlimited access to your internal network.
scope
Local IP Address
Network Access Protection (NAP)
network access
5. A health requirement policy is a combination of the following:
per-IP address or a per-TCP/UDP port number
RADIUS
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
Network Access Protection (NAP)
6. For NAP to work - a network component must enforce NAP by either allowing or denying network access. The following list describes the different NAP enforcement types you can use:
802.1X access points
per-IP address or a per-TCP/UDP port number
Remote Desktop Gateways (RD Gateway).
compliant - noncompliant
7. You can configure client NAP settings using the three subnodes:
Enforcement Clients - User Interface Settings - Health Registration Settings
per-IP address or a per-TCP/UDP port number
802.1X access points
remediation
8. ______ is the most effective way to configure firewall settings for all computers in a domain.
802.1X - VPN - or DHCP
Group Policy
RD Gateway
Network Policy And Access Services
9. The only time you would want to configure the scope using the ______ group is when the computer is configured with multiple IP addresses - and you do not want to accept connections on all IP addresses.
Local IP Address
compliant - noncompliant
RD Gateway
SHA
10. Which NAP enforcement types do not require support from your network infrastructure?
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
SHA
Network Policy And Access Services
2008 (or Windows Server 2008 R2)
11. IPsec enforcement requires a CA running Win Server ______ or ________ Certificate Services and NAP to support health certificates.
blocked by default
do not filter
network access
2008 (or Windows Server 2008 R2)
12. Use the ______ subnode to configure cryptographic settings for NAP clients (the default settings are typically fine).
System Health Validators (SHVs)
compliant client computers
Request Policy
Netstat
13. ______ define which health checks a client must meet to be considered compliant.
System health validators
Win 7 - Win Vista - and Win XP SP3
communicate only with other
802.1X - VPN - or DHCP
14. Use the ______ subnode to configure an HRA for IPsec NAP clients to use.
Connection request policy
Trusted Server Group
firewalls
System Statement of Health (SSoH)
15. If you use Remote Desktop to allow users to control their desktops from remote computers across the Internet - you can use the ______ enforcement type to block access unless the client computer passes a health check.
meets health requirements
RD Gateway
netsh nap client show state
System Health Agents (SHAs) - System Health Validators (SHVs)
16. Each SHV produces a _____ - which can contain remediation instructions (such as the version number of an antivirus signature file) if the client doesn't meet that SHV's health requirements.
Statement of Health Response (SoHR)
blocked by default
manually - domain controller
Windows Firewall With Advanced Security
17. The ______ defines health requirements using SHV settings. Separate ______ must exist for both compliant and noncompliant clients.
A certification authority - A web application
Enforcement Clients
Trusted Server Group
Health policy - health policies
18. The ______ are the client components that create a Statement of Health (SoH) containing a description of the health of the client computer.
System Health Agents (SHAs)
IPsec connection security
compliant - noncompliant
Request Policy
19. Typically - a NAP deployment occurs in three phases:
remediation
Testing - Monitoring - Limited access
noncompliant - compliant
meets health requirements
20. The Private profile must be ______ applied to a network. The Public profile applies any time a ______ is not available - and a network has not been configured as Private.
802.1X - VPN - or DHCP
manually - domain controller
scope
requirement policies
21. NAP health validation takes place between two components:
System Health Agents (SHAs) - System Health Validators (SHVs)
RADIUS
Win 7 - Win Vista - and Win XP SP3
compliant - noncompliant
22. A group of servers that noncompliant clients can access is a ______.
VPN servers
Remediation server group
logging
meets health requirements
23. The ______ defines the level of network access clients get based on which health policy they match.
System Health Validators (SHVs)
2008 (or Windows Server 2008 R2)
VPN servers
Network policy
24. Use the ______ snap-in to create an inbound firewall rule that allows a server application to receive incoming connections.
Remediation server group
Windows Firewall With Advanced Security
Connection request policy
802.1X - VPN - or DHCP
25. The ______ enforcement type uses Ethernet switches or wireless access points that support 802.1X authentication.
Win 7 - Win Vista - and Win XP SP3
netsh nap client show state
802.1X access points
blocked by default
26. When deploying NAP - plan to implement it in ______ mode first. This will allow you to identify and fix noncompliant computers before preventing them from connecting to your network.
Connection request policy
netsh nap client show state
monitoring-only
Testing - Monitoring - Limited access
27. This installs the core NPS service - which is sufficient for using the Win Server 2008 computer as a RADIUS server for ______ - ______ - or ______ enforcement.
compliant - noncompliant - and unauthenticated
System Statement of Health (SSoH)
Enforcement Clients
802.1X - VPN - or DHCP
28. By default - Windows Firewall (as well as most other firewalls) ______.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
29. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.
logging
health policy server
requirement policies
do not filter
30. With the DHCP servers enforcement type - only ______ computers receive an IP address that grants full network access; ______computers are granted an IP address with a subnet mask of 255.255.255.255 and no default gateway.
Local IP Address
communicate only with other
health state
compliant - noncompliant
31. If a computer falls out of compliance after connecting to the 802.1X network - the 802.1X network access device can change the computer's ______.
Remediation server group
network access
Local IP Address
compliant - noncompliant
32. The ______ are the server components that analyze the SoH generated by the SHA and create an SoH Response (SoHR).
blocked by default
Domain - Private - Public
Enforcement Clients
System Health Validators (SHVs)
33. You can also use IPsec connection security to allow healthy computers to ______ healthy computers.
Trusted Server Group
compliant - noncompliant
2008 (or Windows Server 2008 R2)
communicate only with other
34. Win Server 2008 and Win Server 2008 R2 include an SHV that corresponds to the SHA built into Windows ______.
RADIUS
User Interface Settings
Win 7 - Win Vista - and Win XP SP3
Statement of Health Response (SoHR)
35. The NAP health policy server uses its installed SHVs and the health requirement policies that you have configured to determine whether the NAP client ______.
meets health requirements
Network Access Protection (NAP)
Enforcement Clients
Network policy
36. You can quickly verify a client's configuration by running the following command at a command prompt:
802.1X access points
netsh nap client show state
logging
compliant - noncompliant
37. With 802.1X - compliant computers are granted full network access - and noncompliant computers are connected to a ______ network or completely prevented from connecting to the network.
remediation
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
Remediation server group
38. Health ______ determine which clients must meet health requirements - what those health requirements are - and what happens if a client cannot comply.
Trusted Server Group
System Statement of Health Response (SSoHR)
RD Gateway
requirement policies
39. The ______ type enforces NAP for remote access connections using a VPN server running Win Server 2008 or Win Server 2008 R2 and Routing and Remote Access.
manually - domain controller
System Health Agents (SHAs)
VPN servers
An access control list (ACL) - A virtual local area network (VLAN)
40. In networking - ______ analyze communications and drop packets that haven't been specifically allowed.
firewalls
blocked by default
netsh nap client show state
logging
41. Which versions of Windows can act as NAP clients?
per-IP address or a per-TCP/UDP port number
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
Trusted Server Group
RD Gateway
42. Installing the HRA role service configures the following:
scope
Enforcement Clients - User Interface Settings - Health Registration Settings
A certification authority - A web application
compliant - noncompliant
43. Each SHA on the NAP client validates its system health and generates an SoH. The NAP client combines the SoHs from multiple SHAs into a ______ - which includes version info for the NAP client and the set of SoHs for the installed SHAs.
System Health Agents (SHAs) - System Health Validators (SHVs)
Connection request policy
Enforcement Clients - User Interface Settings - Health Registration Settings
System Statement of Health (SSoH)
44. Configure the ______ policy to provide customized text (and - optionally - an image) that users will see as part of the NAP client interface.
network access
System Statement of Health Response (SSoHR)
User Interface Settings
worms
45. You must enable one policy to configure clients to use this enforcement type.
manually - domain controller
blocked by default
Enforcement Clients
compliant - noncompliant
46. Win 7 - Win Vista - Win Server 2008 - Win Server 2008 R2 - and Win XP SP3 include an ______ that monitors Windows Security Center settings.
SHA
Enforcement Clients
SoHR
Statement of Health Response (SoHR)
47. Windows Firewall ______ identifies connections that Windows Firewall allows or blocks.
blocks any inbound traffic that hasn't been specifically allowed
Enforcement Clients - User Interface Settings - Health Registration Settings
SHA
logging
48. NAP is designed to connect hosts to different network resources depending on their current ______.
health state
Network Policy And Access Services
logging
manually - domain controller
49. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
Network Policy And Access Services
compliant - noncompliant - and unauthenticated
drops
Win 7 - Win Vista - and Win XP SP3
50. The NAP health policy server uses the ______ to determine the level of access the client computer should have and whether any remediation is necessary.
SoHR
System Health Agents (SHAs)
Health policy - health policies
compliant - noncompliant