SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Configuring Windows Firewall And Network Access Protection
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. One of the most powerful ways to increase computer security is to configure firewall ______.
Group Policy
logging
System Health Agents (SHAs) - System Health Validators (SHVs)
scope
2. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.
compliant - noncompliant
health policy server
System Health Agents (SHAs)
IPsec connection security
3. Each SHV produces a _____ - which can contain remediation instructions (such as the version number of an antivirus signature file) if the client doesn't meet that SHV's health requirements.
Network Access Protection (NAP)
firewalls
Trusted Server Group
Statement of Health Response (SoHR)
4. If an application must accept incoming connections but the developers have not documented the communication ports that the application uses - you can use the ______ tool to identify which ports the application listens on.
IPsec connection security
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
blocks any inbound traffic that hasn't been specifically allowed
Netstat
5. The ______ are the server components that analyze the SoH generated by the SHA and create an SoH Response (SoHR).
per-IP address or a per-TCP/UDP port number
System Health Validators (SHVs)
logging
Domain - Private - Public
6. With the DHCP servers enforcement type - only ______ computers receive an IP address that grants full network access; ______computers are granted an IP address with a subnet mask of 255.255.255.255 and no default gateway.
compliant - noncompliant
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
SHA
System Health Agents (SHAs)
7. By default - Windows Firewall (as well as most other firewalls) ______.
8. The NAP health policy server uses its installed SHVs and the health requirement policies that you have configured to determine whether the NAP client ______.
SoHR
Network policy
System Statement of Health Response (SSoHR)
meets health requirements
9. The Private profile must be ______ applied to a network. The Public profile applies any time a ______ is not available - and a network has not been configured as Private.
manually - domain controller
health state
Trusted Server Group
2008 (or Windows Server 2008 R2)
10. Use the ______ snap-in to create an inbound firewall rule that allows a server application to receive incoming connections.
do not filter
System Health Agents (SHAs)
SoHR
Windows Firewall With Advanced Security
11. In the case of _____ - automated software attacks computers across the Internet - gains elevated privileges - copies itself to the compromised computer - and then begins attacking other computers (typically at random).
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
communicate only with other
worms
logging
12. You can quickly verify a client's configuration by running the following command at a command prompt:
netsh nap client show state
System Health Agents (SHAs)
network access
Enforcement Clients
13. You must enable one policy to configure clients to use this enforcement type.
Trusted Server Group
compliant - noncompliant
Enforcement Clients
Local IP Address
14. IPsec enforcement requires a CA running Win Server ______ or ________ Certificate Services and NAP to support health certificates.
compliant - noncompliant - and unauthenticated
netsh nap client show state
2008 (or Windows Server 2008 R2)
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
15. The ______ enforcement type requires clients to perform a NAP health check before they can receive a health certificate.
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
Remote Desktop Gateways (RD Gateway).
domain controller
IPsec connection security
16. The only time you would want to configure the scope using the ______ group is when the computer is configured with multiple IP addresses - and you do not want to accept connections on all IP addresses.
Local IP Address
System Statement of Health (SSoH)
A certification authority - A web application
Network Access Protection (NAP)
17. You can also use IPsec connection security to allow healthy computers to ______ healthy computers.
2008 (or Windows Server 2008 R2)
Enforcement Clients
logging
communicate only with other
18. VLANs are identified using a VLAN identifier - which must be configured on the switch itself. You can then use NAP to specify in which VLAN the ______ computers are placed.
User Interface Settings
compliant - noncompliant - and unauthenticated
System Health Agents (SHAs) - System Health Validators (SHVs)
Netstat
19. NAP ______ allows you to identify noncompliant computers.
RD Gateway
802.1X access points
logging
System Health Validators (SHVs)
20. For NAP to work - a network component must enforce NAP by either allowing or denying network access. The following list describes the different NAP enforcement types you can use:
Remote Desktop Gateways (RD Gateway).
health state
RD Gateway
health policy server
21. Win 7 - Win Vista - Win Server 2008 - Win Server 2008 R2 - and Win XP SP3 include an ______ that monitors Windows Security Center settings.
meets health requirements
SHA
Network Access Protection (NAP)
IPsec connection security
22. In networking - ______ analyze communications and drop packets that haven't been specifically allowed.
logging
System Health Validators (SHVs)
firewalls
do not filter
23. IPsec enforcement allows you to require health compliance on a ______ or a ______ basis.
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
System health validators
monitoring-only
per-IP address or a per-TCP/UDP port number
24. The ______ defines health requirements using SHV settings. Separate ______ must exist for both compliant and noncompliant clients.
Health policy - health policies
compliant client computers
network access
meets health requirements
25. Installing the HRA role service configures the following:
System Health Validators (SHVs)
Netstat
health state
A certification authority - A web application
26. If you use Remote Desktop to allow users to control their desktops from remote computers across the Internet - you can use the ______ enforcement type to block access unless the client computer passes a health check.
drops
802.1X access points
health state
RD Gateway
27. The NAP health policy server sends the SSoHR back to the NAP client through the NAP enforcement point. The NAP enforcement point can now connect a ______ computer to the network or connect a ______ computer to a remediation network.
An access control list (ACL) - A virtual local area network (VLAN)
Win 7 - Win Vista - and Win XP SP3
compliant - noncompliant
Netstat
28. ______ define which health checks a client must meet to be considered compliant.
System health validators
Health policy - health policies
System Statement of Health Response (SSoHR)
Remediation server group
29. NAP is designed to connect hosts to different network resources depending on their current ______.
System Statement of Health (SSoH)
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
health state
manually - domain controller
30. The NAP health policy server combines the SoHRs from the multiple SHVs into a ______.
worms
Windows Firewall With Advanced Security
System Statement of Health Response (SSoHR)
Domain - Private - Public
31. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
Network Policy And Access Services
Connection request policy
Health policy - health policies
SHA
32. You need to create outbound firewall rules only when you configure outbound connections to be ______.
domain controller
blocked by default
communicate only with other
per-IP address or a per-TCP/UDP port number
33. NAP depends on a Win Server 2008 or Win Server 2008 R2 NAP health policy server - which acts as a ______ server - to evaluate the health of client computers.
RADIUS
System Health Validators (SHVs)
2008 (or Windows Server 2008 R2)
domain controller
34. Use the ______ subnode to configure cryptographic settings for NAP clients (the default settings are typically fine).
System Health Agents (SHAs) - System Health Validators (SHVs)
Request Policy
Domain - Private - Public
802.1X - VPN - or DHCP
35. A ______ determines whether a request should be processed by NPS.
Statement of Health Response (SoHR)
compliant - noncompliant
Connection request policy
DHCP servers
36. When deploying NAP - plan to implement it in ______ mode first. This will allow you to identify and fix noncompliant computers before preventing them from connecting to your network.
RADIUS
monitoring-only
Network policy
A certification authority - A web application
37. The ______ enforcement type uses Ethernet switches or wireless access points that support 802.1X authentication.
System Statement of Health Response (SSoHR)
SHA
Request Policy
802.1X access points
38. With VPN server enforcement enabled - only ______ are granted unlimited network access.
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
compliant client computers
noncompliant - compliant
39. This installs the core NPS service - which is sufficient for using the Win Server 2008 computer as a RADIUS server for ______ - ______ - or ______ enforcement.
802.1X - VPN - or DHCP
drops
Group Policy
manually - domain controller
40. Typically - a NAP deployment occurs in three phases:
Testing - Monitoring - Limited access
Win 7 - Win Vista - and Win XP SP3
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
802.1X access points
41. The NAP health policy server uses the ______ to determine the level of access the client computer should have and whether any remediation is necessary.
SoHR
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
Network Access Protection (NAP)
System Health Agents (SHAs) - System Health Validators (SHVs)
42. The Domain firewall profile applies whenever a computer can communicate with its ______.
Group Policy
firewalls
domain controller
health state
43. Configure the ______ policy to provide customized text (and - optionally - an image) that users will see as part of the NAP client interface.
Netstat
RD Gateway
User Interface Settings
drops
44. Use the ______ subnode to configure an HRA for IPsec NAP clients to use.
Enforcement Clients
An access control list (ACL) - A virtual local area network (VLAN)
Trusted Server Group
compliant - noncompliant - and unauthenticated
45. The 802.1X access point applies the ACL to the connection and ______ all packets that are not allowed by the ACL.
Network Access Protection (NAP)
Network policy
System Statement of Health Response (SSoHR)
drops
46. Typically - you apply an ACL to ______ computer connections and allow ______ computers to connect without an ACL (thus granting them unlimited network access).
RD Gateway
Statement of Health Response (SoHR)
noncompliant - compliant
System Health Agents (SHAs) - System Health Validators (SHVs)
47. The ______ type enforces NAP for remote access connections using a VPN server running Win Server 2008 or Win Server 2008 R2 and Routing and Remote Access.
Local IP Address
VPN servers
logging
communicate only with other
48. After configuring the NPS server - you must configure client computers for NAP. The easiest way to do this is to use ______ node.
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
Network Access Protection (NAP)
Domain - Private - Public
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
49. The ______ are the client components that create a Statement of Health (SoH) containing a description of the health of the client computer.
compliant client computers
System Health Agents (SHAs)
Network Policy And Access Services
Netstat
50. Health ______ determine which clients must meet health requirements - what those health requirements are - and what happens if a client cannot comply.
drops
requirement policies
Request Policy
2008 (or Windows Server 2008 R2)