SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
MCTS: Configuring Windows Firewall And Network Access Protection
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If an application must accept incoming connections but the developers have not documented the communication ports that the application uses - you can use the ______ tool to identify which ports the application listens on.
Netstat
Win 7 - Win Vista - and Win XP SP3
Remediation server group
logging
2. In the case of _____ - automated software attacks computers across the Internet - gains elevated privileges - copies itself to the compromised computer - and then begins attacking other computers (typically at random).
User Interface Settings
domain controller
meets health requirements
worms
3. The ______ defines the level of network access clients get based on which health policy they match.
Network policy
User Interface Settings
RD Gateway
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
4. ______ allows you to verify that computers meet specific health requirements before granting them unlimited access to your internal network.
Network Access Protection (NAP)
Trusted Server Group
logging
health policy server
5. The only time you would want to configure the scope using the ______ group is when the computer is configured with multiple IP addresses - and you do not want to accept connections on all IP addresses.
meets health requirements
Connection request policy
Local IP Address
firewalls
6. For NAP to work - a network component must enforce NAP by either allowing or denying network access. The following list describes the different NAP enforcement types you can use:
Connection request policy
Remote Desktop Gateways (RD Gateway).
health policy server
2008 (or Windows Server 2008 R2)
7. The NAP health policy server uses the ______ to determine the level of access the client computer should have and whether any remediation is necessary.
Domain - Private - Public
An access control list (ACL) - A virtual local area network (VLAN)
SoHR
worms
8. The NAP health policy server combines the SoHRs from the multiple SHVs into a ______.
noncompliant - compliant
meets health requirements
VPN servers
System Statement of Health Response (SSoHR)
9. Configure the ______ policy to provide customized text (and - optionally - an image) that users will see as part of the NAP client interface.
System Statement of Health (SSoH)
IPsec connection security
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
User Interface Settings
10. NAP depends on a Win Server 2008 or Win Server 2008 R2 NAP health policy server - which acts as a ______ server - to evaluate the health of client computers.
RD Gateway
monitoring-only
health policy server
RADIUS
11. ______ define which health checks a client must meet to be considered compliant.
Win 7 - Win Vista - and Win XP SP3
Network Policy And Access Services
System health validators
compliant - noncompliant
12. Health ______ determine which clients must meet health requirements - what those health requirements are - and what happens if a client cannot comply.
User Interface Settings
firewalls
requirement policies
communicate only with other
13. By default - all versions of Windows (including Win Srvr 2008 R2) ______ outbound traffic.
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
domain controller
do not filter
Health policy - health policies
14. A health requirement policy is a combination of the following:
compliant - noncompliant
Enforcement Clients
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
System Health Validators (SHVs)
15. A group of servers that noncompliant clients can access is a ______.
SoHR
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
System health validators
Remediation server group
16. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
Network Policy And Access Services
System Statement of Health (SSoH)
monitoring-only
RD Gateway
17. With VPN server enforcement enabled - only ______ are granted unlimited network access.
RD Gateway
compliant client computers
Connection request policy
System Health Validators (SHVs)
18. You can quickly verify a client's configuration by running the following command at a command prompt:
netsh nap client show state
User Interface Settings
SHA
network access
19. ______ is the most effective way to configure firewall settings for all computers in a domain.
Trusted Server Group
Group Policy
System Statement of Health (SSoH)
IPsec connection security
20. You can also use IPsec connection security to allow healthy computers to ______ healthy computers.
blocks any inbound traffic that hasn't been specifically allowed
netsh nap client show state
communicate only with other
Domain - Private - Public
21. The firewall profiles are:
health policy server
Domain - Private - Public
System Health Agents (SHAs) - System Health Validators (SHVs)
Local IP Address
22. IPsec enforcement allows you to require health compliance on a ______ or a ______ basis.
per-IP address or a per-TCP/UDP port number
Enforcement Clients
Local IP Address
User Interface Settings
23. With 802.1X - compliant computers are granted full network access - and noncompliant computers are connected to a ______ network or completely prevented from connecting to the network.
Network Policy And Access Services
remediation
blocked by default
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
24. VLANs are identified using a VLAN identifier - which must be configured on the switch itself. You can then use NAP to specify in which VLAN the ______ computers are placed.
compliant - noncompliant
compliant - noncompliant - and unauthenticated
logging
2008 (or Windows Server 2008 R2)
25. 802.1X enforcement uses one of two methods to control which level of access compliant - noncompliant - and unauthenticated computers receive:
per-IP address or a per-TCP/UDP port number
An access control list (ACL) - A virtual local area network (VLAN)
firewalls
Connection request policy
26. NAP health validation takes place between two components:
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
System Health Agents (SHAs) - System Health Validators (SHVs)
A certification authority - A web application
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
27. The ______ type enforces NAP for remote access connections using a VPN server running Win Server 2008 or Win Server 2008 R2 and Routing and Remote Access.
requirement policies
Enforcement Clients - User Interface Settings - Health Registration Settings
Network Access Protection (NAP)
VPN servers
28. Which NAP enforcement types do not require support from your network infrastructure?
logging
drops
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
29. The ______ enforcement type requires clients to perform a NAP health check before they can receive a health certificate.
Enforcement Clients - User Interface Settings - Health Registration Settings
IPsec connection security
System Statement of Health (SSoH)
Request Policy
30. If a computer falls out of compliance after connecting to the 802.1X network - the 802.1X network access device can change the computer's ______.
RD Gateway
compliant - noncompliant
System health validators
network access
31. ______ enforcement does not provide remediation.
drops
RD Gateway
logging
requirement policies
32. One of the most powerful ways to increase computer security is to configure firewall ______.
System health validators
logging
scope
Windows Firewall With Advanced Security
33. In networking - ______ analyze communications and drop packets that haven't been specifically allowed.
System health validators
Trusted Server Group
firewalls
Windows Firewall With Advanced Security
34. The Domain firewall profile applies whenever a computer can communicate with its ______.
domain controller
System Statement of Health (SSoH)
Win 7 - Win Vista - and Win XP SP3
A certification authority - A web application
35. IPsec enforcement requires a CA running Win Server ______ or ________ Certificate Services and NAP to support health certificates.
RADIUS
Local IP Address
Connection request policy
2008 (or Windows Server 2008 R2)
36. The NAP health policy server sends the SSoHR back to the NAP client through the NAP enforcement point. The NAP enforcement point can now connect a ______ computer to the network or connect a ______ computer to a remediation network.
System Statement of Health (SSoH)
compliant - noncompliant
An access control list (ACL) - A virtual local area network (VLAN)
System Health Validators (SHVs)
37. A ______ determines whether a request should be processed by NPS.
Remediation server group
Connection request policy
domain controller
A certification authority - A web application
38. Win Server 2008 and Win Server 2008 R2 include an SHV that corresponds to the SHA built into Windows ______.
Network Policy And Access Services
Enforcement Clients - User Interface Settings - Health Registration Settings
Testing - Monitoring - Limited access
Win 7 - Win Vista - and Win XP SP3
39. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.
Domain - Private - Public
DHCP servers
An access control list (ACL) - A virtual local area network (VLAN)
health policy server
40. Use the ______ subnode to configure an HRA for IPsec NAP clients to use.
Trusted Server Group
Testing - Monitoring - Limited access
remediation
System Health Validators (SHVs)
41. Use the ______ subnode to configure cryptographic settings for NAP clients (the default settings are typically fine).
SHA
Connection request policy
Request Policy
System Health Agents (SHAs) - System Health Validators (SHVs)
42. NAP is designed to connect hosts to different network resources depending on their current ______.
compliant - noncompliant - and unauthenticated
requirement policies
health state
Win 7 - Win Vista - and Win XP SP3
43. The 802.1X access point applies the ACL to the connection and ______ all packets that are not allowed by the ACL.
RADIUS
remediation
per-IP address or a per-TCP/UDP port number
drops
44. To install NAP - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
Network Policy And Access Services
compliant - noncompliant - and unauthenticated
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
Trusted Server Group
45. Each SHA on the NAP client validates its system health and generates an SoH. The NAP client combines the SoHs from multiple SHAs into a ______ - which includes version info for the NAP client and the set of SoHs for the installed SHAs.
RADIUS
monitoring-only
System Statement of Health (SSoH)
drops
46. With the DHCP servers enforcement type - only ______ computers receive an IP address that grants full network access; ______computers are granted an IP address with a subnet mask of 255.255.255.255 and no default gateway.
domain controller
RD Gateway
compliant - noncompliant
Remote Desktop Gateways (RD Gateway).
47. Installing the HRA role service configures the following:
RADIUS
SHA
monitoring-only
A certification authority - A web application
48. The Private profile must be ______ applied to a network. The Public profile applies any time a ______ is not available - and a network has not been configured as Private.
remediation
Trusted Server Group
manually - domain controller
worms
49. You must enable one policy to configure clients to use this enforcement type.
compliant - noncompliant
IPsec connection security
do not filter
Enforcement Clients
50. If you use Remote Desktop to allow users to control their desktops from remote computers across the Internet - you can use the ______ enforcement type to block access unless the client computer passes a health check.
Network policy
RD Gateway
logging
scope