SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
MCTS: Configuring Windows Firewall And Network Access Protection
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IPsec enforcement requires a CA running Win Server ______ or ________ Certificate Services and NAP to support health certificates.
blocks any inbound traffic that hasn't been specifically allowed
drops
2008 (or Windows Server 2008 R2)
802.1X access points
2. In the case of _____ - automated software attacks computers across the Internet - gains elevated privileges - copies itself to the compromised computer - and then begins attacking other computers (typically at random).
worms
System Health Validators (SHVs)
Network Access Protection (NAP)
blocked by default
3. IPsec enforcement allows you to require health compliance on a ______ or a ______ basis.
802.1X access points
Enforcement Clients
monitoring-only
per-IP address or a per-TCP/UDP port number
4. If a computer falls out of compliance after connecting to the 802.1X network - the 802.1X network access device can change the computer's ______.
network access
SHA
domain controller
802.1X - VPN - or DHCP
5. If you use Remote Desktop to allow users to control their desktops from remote computers across the Internet - you can use the ______ enforcement type to block access unless the client computer passes a health check.
Request Policy
RD Gateway
A certification authority - A web application
monitoring-only
6. Typically - a NAP deployment occurs in three phases:
remediation
Testing - Monitoring - Limited access
802.1X - VPN - or DHCP
network access
7. If an application must accept incoming connections but the developers have not documented the communication ports that the application uses - you can use the ______ tool to identify which ports the application listens on.
Windows Firewall With Advanced Security
Win 7 - Win Vista - and Win XP SP3
Netstat
802.1X - VPN - or DHCP
8. Which versions of Windows can act as NAP clients?
domain controller
Enforcement Clients - User Interface Settings - Health Registration Settings
compliant - noncompliant
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
9. ______ allows you to verify that computers meet specific health requirements before granting them unlimited access to your internal network.
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
Network Access Protection (NAP)
Request Policy
do not filter
10. Each SHV produces a _____ - which can contain remediation instructions (such as the version number of an antivirus signature file) if the client doesn't meet that SHV's health requirements.
Statement of Health Response (SoHR)
SHA
Health policy - health policies
Network Policy And Access Services
11. ______ define which health checks a client must meet to be considered compliant.
drops
blocked by default
System health validators
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
12. Which NAP enforcement types do not require support from your network infrastructure?
netsh nap client show state
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
compliant - noncompliant
drops
13. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.
netsh nap client show state
firewalls
IPsec connection security
health policy server
14. You can quickly verify a client's configuration by running the following command at a command prompt:
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
RD Gateway
Request Policy
netsh nap client show state
15. After configuring the NPS server - you must configure client computers for NAP. The easiest way to do this is to use ______ node.
logging
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
Remote Desktop Gateways (RD Gateway).
System Health Validators (SHVs)
16. By default - all versions of Windows (including Win Srvr 2008 R2) ______ outbound traffic.
remediation
Network policy
do not filter
Network Policy And Access Services
17. To install NAP - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
network access
netsh nap client show state
Network Policy And Access Services
monitoring-only
18. VLANs are identified using a VLAN identifier - which must be configured on the switch itself. You can then use NAP to specify in which VLAN the ______ computers are placed.
logging
System Statement of Health (SSoH)
compliant - noncompliant - and unauthenticated
Connection request policy
19. The Private profile must be ______ applied to a network. The Public profile applies any time a ______ is not available - and a network has not been configured as Private.
Remediation server group
scope
manually - domain controller
Trusted Server Group
20. Use the ______ snap-in to create an inbound firewall rule that allows a server application to receive incoming connections.
Testing - Monitoring - Limited access
compliant - noncompliant - and unauthenticated
blocks any inbound traffic that hasn't been specifically allowed
Windows Firewall With Advanced Security
21. Windows Firewall ______ identifies connections that Windows Firewall allows or blocks.
SHA
logging
meets health requirements
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
22. NAP is designed to connect hosts to different network resources depending on their current ______.
compliant - noncompliant
health state
SHA
DHCP servers
23. Configure the ______ policy to provide customized text (and - optionally - an image) that users will see as part of the NAP client interface.
Windows Firewall With Advanced Security
User Interface Settings
remediation
Health policy - health policies
24. A ______ determines whether a request should be processed by NPS.
System Health Agents (SHAs)
Connection request policy
RD Gateway
802.1X - VPN - or DHCP
25. The only time you would want to configure the scope using the ______ group is when the computer is configured with multiple IP addresses - and you do not want to accept connections on all IP addresses.
network access
IPsec connection security
Local IP Address
logging
26. The ______ enforcement type requires clients to perform a NAP health check before they can receive a health certificate.
IPsec connection security
blocked by default
Remote Desktop Gateways (RD Gateway).
per-IP address or a per-TCP/UDP port number
27. NAP health validation takes place between two components:
System Health Agents (SHAs) - System Health Validators (SHVs)
VPN servers
Local IP Address
network access
28. The ______ are the server components that analyze the SoH generated by the SHA and create an SoH Response (SoHR).
System Health Validators (SHVs)
Health policy - health policies
System Health Agents (SHAs)
scope
29. You can configure client NAP settings using the three subnodes:
netsh nap client show state
Remediation server group
A certification authority - A web application
Enforcement Clients - User Interface Settings - Health Registration Settings
30. In networking - ______ analyze communications and drop packets that haven't been specifically allowed.
scope
DHCP servers
blocked by default
firewalls
31. The ______ enforcement type uses Ethernet switches or wireless access points that support 802.1X authentication.
A certification authority - A web application
SHA
Request Policy
802.1X access points
32. The ______ defines the level of network access clients get based on which health policy they match.
blocks any inbound traffic that hasn't been specifically allowed
Enforcement Clients - User Interface Settings - Health Registration Settings
RADIUS
Network policy
33. The firewall profiles are:
compliant - noncompliant - and unauthenticated
RD Gateway
Domain - Private - Public
drops
34. The ______ are the client components that create a Statement of Health (SoH) containing a description of the health of the client computer.
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
blocks any inbound traffic that hasn't been specifically allowed
System Health Agents (SHAs) - System Health Validators (SHVs)
System Health Agents (SHAs)
35. The ______ enforcement type uses a computer running Win Server 2008 or Win Server 2008 R2 and the DHCP Server service that provides IP addresses to intranet clients.
802.1X access points
System Statement of Health (SSoH)
DHCP servers
Remote Desktop Gateways (RD Gateway).
36. Health ______ determine which clients must meet health requirements - what those health requirements are - and what happens if a client cannot comply.
requirement policies
Enforcement Clients
RD Gateway
Domain - Private - Public
37. Win 7 - Win Vista - Win Server 2008 - Win Server 2008 R2 - and Win XP SP3 include an ______ that monitors Windows Security Center settings.
Netstat
communicate only with other
Enforcement Clients
SHA
38. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
SHA
Trusted Server Group
Network Policy And Access Services
User Interface Settings
39. A health requirement policy is a combination of the following:
Network Policy And Access Services
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
IPsec connection security
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
40. A group of servers that noncompliant clients can access is a ______.
Local IP Address
Remote Desktop Gateways (RD Gateway).
System Health Agents (SHAs)
Remediation server group
41. Each SHA on the NAP client validates its system health and generates an SoH. The NAP client combines the SoHs from multiple SHAs into a ______ - which includes version info for the NAP client and the set of SoHs for the installed SHAs.
RD Gateway
System Statement of Health (SSoH)
blocks any inbound traffic that hasn't been specifically allowed
manually - domain controller
42. The Domain firewall profile applies whenever a computer can communicate with its ______.
scope
domain controller
DHCP servers
Remote Desktop Gateways (RD Gateway).
43. The ______ type enforces NAP for remote access connections using a VPN server running Win Server 2008 or Win Server 2008 R2 and Routing and Remote Access.
logging
compliant - noncompliant
Group Policy
VPN servers
44. The NAP health policy server uses the ______ to determine the level of access the client computer should have and whether any remediation is necessary.
communicate only with other
noncompliant - compliant
SoHR
do not filter
45. With 802.1X - compliant computers are granted full network access - and noncompliant computers are connected to a ______ network or completely prevented from connecting to the network.
per-IP address or a per-TCP/UDP port number
System Statement of Health Response (SSoHR)
remediation
System Health Validators (SHVs)
46. For NAP to work - a network component must enforce NAP by either allowing or denying network access. The following list describes the different NAP enforcement types you can use:
logging
Remote Desktop Gateways (RD Gateway).
compliant - noncompliant
802.1X access points
47. With VPN server enforcement enabled - only ______ are granted unlimited network access.
compliant client computers
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
RADIUS
VPN servers
48. The 802.1X access point applies the ACL to the connection and ______ all packets that are not allowed by the ACL.
drops
domain controller
Enforcement Clients - User Interface Settings - Health Registration Settings
Group Policy
49. This installs the core NPS service - which is sufficient for using the Win Server 2008 computer as a RADIUS server for ______ - ______ - or ______ enforcement.
Local IP Address
802.1X - VPN - or DHCP
remediation
health state
50. With the DHCP servers enforcement type - only ______ computers receive an IP address that grants full network access; ______computers are granted an IP address with a subnet mask of 255.255.255.255 and no default gateway.
compliant - noncompliant
Group Policy
logging
compliant - noncompliant - and unauthenticated