SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Configuring Windows Firewall And Network Access Protection
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To install NAP - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
Network Policy And Access Services
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
compliant - noncompliant - and unauthenticated
Local IP Address
2. The Domain firewall profile applies whenever a computer can communicate with its ______.
health state
network access
firewalls
domain controller
3. ______ is the most effective way to configure firewall settings for all computers in a domain.
User Interface Settings
Group Policy
An access control list (ACL) - A virtual local area network (VLAN)
firewalls
4. This installs the core NPS service - which is sufficient for using the Win Server 2008 computer as a RADIUS server for ______ - ______ - or ______ enforcement.
802.1X - VPN - or DHCP
Netstat
Network Policy And Access Services
Statement of Health Response (SoHR)
5. If a computer falls out of compliance after connecting to the 802.1X network - the 802.1X network access device can change the computer's ______.
DHCP servers
network access
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
do not filter
6. Health ______ determine which clients must meet health requirements - what those health requirements are - and what happens if a client cannot comply.
Remediation server group
requirement policies
worms
RD Gateway
7. The Private profile must be ______ applied to a network. The Public profile applies any time a ______ is not available - and a network has not been configured as Private.
A certification authority - A web application
manually - domain controller
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
scope
8. A health requirement policy is a combination of the following:
health state
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
scope
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
9. You can also use IPsec connection security to allow healthy computers to ______ healthy computers.
communicate only with other
scope
Remote Desktop Gateways (RD Gateway).
2008 (or Windows Server 2008 R2)
10. Use the ______ subnode to configure an HRA for IPsec NAP clients to use.
Trusted Server Group
Statement of Health Response (SoHR)
scope
802.1X access points
11. The ______ enforcement type uses a computer running Win Server 2008 or Win Server 2008 R2 and the DHCP Server service that provides IP addresses to intranet clients.
blocks any inbound traffic that hasn't been specifically allowed
802.1X - VPN - or DHCP
SoHR
DHCP servers
12. With the DHCP servers enforcement type - only ______ computers receive an IP address that grants full network access; ______computers are granted an IP address with a subnet mask of 255.255.255.255 and no default gateway.
domain controller
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
compliant - noncompliant
blocked by default
13. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
health policy server
DHCP servers
Network Policy And Access Services
Domain - Private - Public
14. You can quickly verify a client's configuration by running the following command at a command prompt:
netsh nap client show state
802.1X access points
compliant client computers
health policy server
15. NAP health validation takes place between two components:
logging
System Statement of Health (SSoH)
System Health Agents (SHAs) - System Health Validators (SHVs)
Trusted Server Group
16. With 802.1X - compliant computers are granted full network access - and noncompliant computers are connected to a ______ network or completely prevented from connecting to the network.
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
remediation
Health policy - health policies
health policy server
17. Installing the HRA role service configures the following:
Group Policy
Netstat
A certification authority - A web application
802.1X access points
18. The ______ defines health requirements using SHV settings. Separate ______ must exist for both compliant and noncompliant clients.
System Statement of Health (SSoH)
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
RADIUS
Health policy - health policies
19. Typically - a NAP deployment occurs in three phases:
Testing - Monitoring - Limited access
802.1X access points
meets health requirements
System Health Agents (SHAs) - System Health Validators (SHVs)
20. Win 7 - Win Vista - Win Server 2008 - Win Server 2008 R2 - and Win XP SP3 include an ______ that monitors Windows Security Center settings.
domain controller
System Health Validators (SHVs)
SHA
compliant - noncompliant
21. A group of servers that noncompliant clients can access is a ______.
System Statement of Health (SSoH)
Remediation server group
User Interface Settings
netsh nap client show state
22. The ______ defines the level of network access clients get based on which health policy they match.
Win 7 - Win Vista - and Win XP SP3
Group Policy
Remote Desktop Gateways (RD Gateway).
Network policy
23. A ______ determines whether a request should be processed by NPS.
Connection request policy
logging
2008 (or Windows Server 2008 R2)
compliant - noncompliant
24. The ______ enforcement type uses Ethernet switches or wireless access points that support 802.1X authentication.
SHA
802.1X access points
Group Policy
drops
25. If you use Remote Desktop to allow users to control their desktops from remote computers across the Internet - you can use the ______ enforcement type to block access unless the client computer passes a health check.
2008 (or Windows Server 2008 R2)
A certification authority - A web application
Network Policy And Access Services
RD Gateway
26. The NAP health policy server sends the SSoHR back to the NAP client through the NAP enforcement point. The NAP enforcement point can now connect a ______ computer to the network or connect a ______ computer to a remediation network.
compliant - noncompliant
System Statement of Health (SSoH)
802.1X access points
domain controller
27. ______ enforcement does not provide remediation.
2008 (or Windows Server 2008 R2)
RD Gateway
requirement policies
scope
28. The NAP health policy server combines the SoHRs from the multiple SHVs into a ______.
System Statement of Health Response (SSoHR)
Enforcement Clients - User Interface Settings - Health Registration Settings
RADIUS
System Health Agents (SHAs) - System Health Validators (SHVs)
29. After configuring the NPS server - you must configure client computers for NAP. The easiest way to do this is to use ______ node.
Request Policy
Trusted Server Group
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
Netstat
30. ______ define which health checks a client must meet to be considered compliant.
2008 (or Windows Server 2008 R2)
System health validators
DHCP servers
compliant - noncompliant
31. The ______ enforcement type requires clients to perform a NAP health check before they can receive a health certificate.
Statement of Health Response (SoHR)
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
SoHR
IPsec connection security
32. NAP is designed to connect hosts to different network resources depending on their current ______.
An access control list (ACL) - A virtual local area network (VLAN)
compliant - noncompliant - and unauthenticated
Win 7 - Win Vista - and Win XP SP3
health state
33. Which versions of Windows can act as NAP clients?
Netstat
System Health Agents (SHAs) - System Health Validators (SHVs)
Remediation server group
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
34. Each SHA on the NAP client validates its system health and generates an SoH. The NAP client combines the SoHs from multiple SHAs into a ______ - which includes version info for the NAP client and the set of SoHs for the installed SHAs.
RD Gateway
netsh nap client show state
do not filter
System Statement of Health (SSoH)
35. The ______ type enforces NAP for remote access connections using a VPN server running Win Server 2008 or Win Server 2008 R2 and Routing and Remote Access.
VPN servers
health policy server
Network Access Protection (NAP)
Local IP Address
36. With VPN server enforcement enabled - only ______ are granted unlimited network access.
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
domain controller
compliant client computers
Win 7 - Win Vista - and Win XP SP3
37. IPsec enforcement requires a CA running Win Server ______ or ________ Certificate Services and NAP to support health certificates.
Group Policy
System health validators
2008 (or Windows Server 2008 R2)
RADIUS
38. For NAP to work - a network component must enforce NAP by either allowing or denying network access. The following list describes the different NAP enforcement types you can use:
requirement policies
Testing - Monitoring - Limited access
User Interface Settings
Remote Desktop Gateways (RD Gateway).
39. The 802.1X access point applies the ACL to the connection and ______ all packets that are not allowed by the ACL.
SoHR
Remediation server group
drops
blocked by default
40. Use the ______ snap-in to create an inbound firewall rule that allows a server application to receive incoming connections.
Windows Firewall With Advanced Security
DHCP servers
System Health Agents (SHAs)
Network policy
41. You must enable one policy to configure clients to use this enforcement type.
Enforcement Clients
network access
Request Policy
System health validators
42. The only time you would want to configure the scope using the ______ group is when the computer is configured with multiple IP addresses - and you do not want to accept connections on all IP addresses.
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
Netstat
RD Gateway
Local IP Address
43. Win Server 2008 and Win Server 2008 R2 include an SHV that corresponds to the SHA built into Windows ______.
An access control list (ACL) - A virtual local area network (VLAN)
Win 7 - Win Vista - and Win XP SP3
Local IP Address
Statement of Health Response (SoHR)
44. Each SHV produces a _____ - which can contain remediation instructions (such as the version number of an antivirus signature file) if the client doesn't meet that SHV's health requirements.
2008 (or Windows Server 2008 R2)
Statement of Health Response (SoHR)
requirement policies
A certification authority - A web application
45. By default - all versions of Windows (including Win Srvr 2008 R2) ______ outbound traffic.
Testing - Monitoring - Limited access
do not filter
Domain - Private - Public
blocked by default
46. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.
Enforcement Clients - User Interface Settings - Health Registration Settings
health policy server
logging
domain controller
47. Typically - you apply an ACL to ______ computer connections and allow ______ computers to connect without an ACL (thus granting them unlimited network access).
System health validators
802.1X access points
scope
noncompliant - compliant
48. The ______ are the client components that create a Statement of Health (SoH) containing a description of the health of the client computer.
RD Gateway
User Interface Settings
System Health Agents (SHAs)
Enforcement Clients
49. IPsec enforcement allows you to require health compliance on a ______ or a ______ basis.
meets health requirements
per-IP address or a per-TCP/UDP port number
DHCP servers
Network policy
50. VLANs are identified using a VLAN identifier - which must be configured on the switch itself. You can then use NAP to specify in which VLAN the ______ computers are placed.
Network Policy And Access Services
compliant - noncompliant - and unauthenticated
802.1X - VPN - or DHCP
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.