Test your basic knowledge |

MCTS: Configuring Windows Firewall And Network Access Protection

Subjects : certifications, mcts, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Installing the HRA role service configures the following:
compliant - noncompliant - and unauthenticated
Request Policy
User Interface Settings
A certification authority - A web application

2. Which versions of Windows can act as NAP clients?
System Statement of Health Response (SSoHR)
System Statement of Health (SSoH)
scope
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.

3. For NAP to work - a network component must enforce NAP by either allowing or denying network access. The following list describes the different NAP enforcement types you can use:
Remote Desktop Gateways (RD Gateway).
RD Gateway
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
System Health Agents (SHAs)

4. The NAP health policy server uses its installed SHVs and the health requirement policies that you have configured to determine whether the NAP client ______.
per-IP address or a per-TCP/UDP port number
System Statement of Health Response (SSoHR)
meets health requirements
logging

5. With the DHCP servers enforcement type - only ______ computers receive an IP address that grants full network access; ______computers are granted an IP address with a subnet mask of 255.255.255.255 and no default gateway.
Enforcement Clients - User Interface Settings - Health Registration Settings
compliant - noncompliant
2008 (or Windows Server 2008 R2)
VPN servers

6. Win 7 - Win Vista - Win Server 2008 - Win Server 2008 R2 - and Win XP SP3 include an ______ that monitors Windows Security Center settings.
A certification authority - A web application
remediation
Win 7 - Win Vista - and Win XP SP3
SHA

7. You need to create outbound firewall rules only when you configure outbound connections to be ______.
System Health Validators (SHVs)
blocked by default
802.1X access points
compliant client computers

8. Each SHV produces a _____ - which can contain remediation instructions (such as the version number of an antivirus signature file) if the client doesn't meet that SHV's health requirements.
remediation
Statement of Health Response (SoHR)
compliant - noncompliant
VPN servers

9. The Private profile must be ______ applied to a network. The Public profile applies any time a ______ is not available - and a network has not been configured as Private.
manually - domain controller
monitoring-only
Network Policy And Access Services
SoHR

10. You can quickly verify a client's configuration by running the following command at a command prompt:
netsh nap client show state
requirement policies
DHCP servers
firewalls

11. You can configure client NAP settings using the three subnodes:
Enforcement Clients - User Interface Settings - Health Registration Settings
Request Policy
Local IP Address
worms

12. The firewall profiles are:
Domain - Private - Public
System health validators
drops
System Health Validators (SHVs)

13. By default - all versions of Windows (including Win Srvr 2008 R2) ______ outbound traffic.
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
requirement policies
do not filter
Connection request policy

14. The 802.1X access point applies the ACL to the connection and ______ all packets that are not allowed by the ACL.
drops
remediation
Windows Firewall With Advanced Security
Netstat

15. The NAP health policy server combines the SoHRs from the multiple SHVs into a ______.
SoHR
Request Policy
System Statement of Health Response (SSoHR)
netsh nap client show state

16. A group of servers that noncompliant clients can access is a ______.
2008 (or Windows Server 2008 R2)
An access control list (ACL) - A virtual local area network (VLAN)
netsh nap client show state
Remediation server group

17. NAP is designed to connect hosts to different network resources depending on their current ______.
Request Policy
Local IP Address
Statement of Health Response (SoHR)
health state

18. In networking - ______ analyze communications and drop packets that haven't been specifically allowed.
logging
drops
802.1X - VPN - or DHCP
firewalls

19. VLANs are identified using a VLAN identifier - which must be configured on the switch itself. You can then use NAP to specify in which VLAN the ______ computers are placed.
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
compliant - noncompliant - and unauthenticated
System Statement of Health Response (SSoHR)
Network Policy And Access Services

20. Each SHA on the NAP client validates its system health and generates an SoH. The NAP client combines the SoHs from multiple SHAs into a ______ - which includes version info for the NAP client and the set of SoHs for the installed SHAs.
Domain - Private - Public
System Statement of Health (SSoH)
DHCP servers
drops

21. The Domain firewall profile applies whenever a computer can communicate with its ______.
2008 (or Windows Server 2008 R2)
domain controller
IPsec connection security
noncompliant - compliant

22. The ______ enforcement type requires clients to perform a NAP health check before they can receive a health certificate.
Network Policy And Access Services
IPsec connection security
System health validators
meets health requirements

23. ______ allows you to verify that computers meet specific health requirements before granting them unlimited access to your internal network.
An access control list (ACL) - A virtual local area network (VLAN)
Network Access Protection (NAP)
RD Gateway
Network policy

24. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.
per-IP address or a per-TCP/UDP port number
compliant - noncompliant - and unauthenticated
noncompliant - compliant
health policy server

25. NAP ______ allows you to identify noncompliant computers.
RD Gateway
Health policy - health policies
Windows Firewall With Advanced Security
logging

26. With VPN server enforcement enabled - only ______ are granted unlimited network access.
compliant client computers
Network Policy And Access Services
remediation
Network Policy And Access Services

27. 802.1X enforcement uses one of two methods to control which level of access compliant - noncompliant - and unauthenticated computers receive:
manually - domain controller
An access control list (ACL) - A virtual local area network (VLAN)
firewalls
worms

28. Configure the ______ policy to provide customized text (and - optionally - an image) that users will see as part of the NAP client interface.
User Interface Settings
Enforcement Clients - User Interface Settings - Health Registration Settings
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
Network Policy And Access Services

29. The ______ enforcement type uses a computer running Win Server 2008 or Win Server 2008 R2 and the DHCP Server service that provides IP addresses to intranet clients.
domain controller
Network Access Protection (NAP)
DHCP servers
scope

30. The ______ defines health requirements using SHV settings. Separate ______ must exist for both compliant and noncompliant clients.
Health policy - health policies
noncompliant - compliant
compliant - noncompliant - and unauthenticated
Connection request policy

31. Use the ______ snap-in to create an inbound firewall rule that allows a server application to receive incoming connections.
System health validators
Windows Firewall With Advanced Security
health policy server
System Statement of Health Response (SSoHR)

32. This installs the core NPS service - which is sufficient for using the Win Server 2008 computer as a RADIUS server for ______ - ______ - or ______ enforcement.
802.1X - VPN - or DHCP
Enforcement Clients
Windows Firewall With Advanced Security
monitoring-only

33. NAP depends on a Win Server 2008 or Win Server 2008 R2 NAP health policy server - which acts as a ______ server - to evaluate the health of client computers.
Enforcement Clients - User Interface Settings - Health Registration Settings
Connection request policy
RADIUS
monitoring-only

34. Use the ______ subnode to configure an HRA for IPsec NAP clients to use.
System Statement of Health Response (SSoHR)
RD Gateway
scope
Trusted Server Group

35. The ______ are the server components that analyze the SoH generated by the SHA and create an SoH Response (SoHR).
Domain - Private - Public
Health policy - health policies
System Health Validators (SHVs)
health policy server

36. Windows Firewall ______ identifies connections that Windows Firewall allows or blocks.
Testing - Monitoring - Limited access
Network Policy And Access Services
meets health requirements
logging

37. ______ enforcement does not provide remediation.
802.1X - VPN - or DHCP
Network Access Protection (NAP)
RD Gateway
An access control list (ACL) - A virtual local area network (VLAN)

38. The ______ defines the level of network access clients get based on which health policy they match.
Network policy
User Interface Settings
Group Policy
logging

39. You must enable one policy to configure clients to use this enforcement type.
System health validators
firewalls
noncompliant - compliant
Enforcement Clients

40. Typically - you apply an ACL to ______ computer connections and allow ______ computers to connect without an ACL (thus granting them unlimited network access).
Statement of Health Response (SoHR)
802.1X - VPN - or DHCP
monitoring-only
noncompliant - compliant

41. Use the ______ subnode to configure cryptographic settings for NAP clients (the default settings are typically fine).
remediation
Request Policy
Win 7 - Win Vista - and Win XP SP3
noncompliant - compliant

42. ______ define which health checks a client must meet to be considered compliant.
noncompliant - compliant
System Health Validators (SHVs)
System health validators
requirement policies

43. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
User Interface Settings
Network Policy And Access Services
Network Access Protection (NAP)
VPN servers

44. You can also use IPsec connection security to allow healthy computers to ______ healthy computers.
Windows Firewall With Advanced Security
RD Gateway
communicate only with other
Trusted Server Group

45. When deploying NAP - plan to implement it in ______ mode first. This will allow you to identify and fix noncompliant computers before preventing them from connecting to your network.
Windows Firewall With Advanced Security
Network Policy And Access Services
monitoring-only
health policy server

46. One of the most powerful ways to increase computer security is to configure firewall ______.
DHCP servers
Domain - Private - Public
health policy server
scope

47. If a computer falls out of compliance after connecting to the 802.1X network - the 802.1X network access device can change the computer's ______.
System health validators
Network policy
blocked by default
network access

48. A health requirement policy is a combination of the following:
Enforcement Clients - User Interface Settings - Health Registration Settings
RD Gateway
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
System Health Validators (SHVs)

49. After configuring the NPS server - you must configure client computers for NAP. The easiest way to do this is to use ______ node.
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
802.1X access points
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
do not filter

50. By default - Windows Firewall (as well as most other firewalls) ______.