SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MCTS: Configuring Windows Firewall And Network Access Protection
Start Test
Study First
Subjects
:
certifications
,
mcts
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IPsec enforcement allows you to require health compliance on a ______ or a ______ basis.
Windows Firewall With Advanced Security
scope
per-IP address or a per-TCP/UDP port number
netsh nap client show state
2. The firewall profiles are:
System Health Validators (SHVs)
System Statement of Health Response (SSoHR)
Domain - Private - Public
blocks any inbound traffic that hasn't been specifically allowed
3. When deploying NAP - plan to implement it in ______ mode first. This will allow you to identify and fix noncompliant computers before preventing them from connecting to your network.
health state
monitoring-only
Domain - Private - Public
communicate only with other
4. With the DHCP servers enforcement type - only ______ computers receive an IP address that grants full network access; ______computers are granted an IP address with a subnet mask of 255.255.255.255 and no default gateway.
compliant - noncompliant
compliant - noncompliant - and unauthenticated
2008 (or Windows Server 2008 R2)
requirement policies
5. 802.1X enforcement uses one of two methods to control which level of access compliant - noncompliant - and unauthenticated computers receive:
User Interface Settings
An access control list (ACL) - A virtual local area network (VLAN)
SHA
drops
6. The ______ defines the level of network access clients get based on which health policy they match.
compliant - noncompliant
manually - domain controller
domain controller
Network policy
7. Each SHA on the NAP client validates its system health and generates an SoH. The NAP client combines the SoHs from multiple SHAs into a ______ - which includes version info for the NAP client and the set of SoHs for the installed SHAs.
worms
Network Access Protection (NAP)
manually - domain controller
System Statement of Health (SSoH)
8. ______ enforcement does not provide remediation.
Testing - Monitoring - Limited access
compliant - noncompliant
Domain - Private - Public
RD Gateway
9. Use the ______ subnode to configure cryptographic settings for NAP clients (the default settings are typically fine).
compliant - noncompliant
Request Policy
logging
Testing - Monitoring - Limited access
10. The Private profile must be ______ applied to a network. The Public profile applies any time a ______ is not available - and a network has not been configured as Private.
An access control list (ACL) - A virtual local area network (VLAN)
manually - domain controller
802.1X access points
Win 7 - Win Vista - and Win XP SP3
11. The ______ are the server components that analyze the SoH generated by the SHA and create an SoH Response (SoHR).
2008 (or Windows Server 2008 R2)
System health validators
VPN servers
System Health Validators (SHVs)
12. Which NAP enforcement types do not require support from your network infrastructure?
RADIUS
802.1X access points
do not filter
IPsec connection security - DHCP - and VPN enforcement do not require support from your network infrastructure.
13. In the case of _____ - automated software attacks computers across the Internet - gains elevated privileges - copies itself to the compromised computer - and then begins attacking other computers (typically at random).
worms
Windows Firewall With Advanced Security
Netstat
System Health Agents (SHAs)
14. You must enable one policy to configure clients to use this enforcement type.
802.1X access points
Enforcement Clients
communicate only with other
blocked by default
15. The Domain firewall profile applies whenever a computer can communicate with its ______.
Win 7 - Win Vista - and Win XP SP3
SoHR
Statement of Health Response (SoHR)
domain controller
16. Typically - you apply an ACL to ______ computer connections and allow ______ computers to connect without an ACL (thus granting them unlimited network access).
noncompliant - compliant
System Statement of Health (SSoH)
Network Access Protection (NAP)
Local IP Address
17. The NAP health policy server uses the ______ to determine the level of access the client computer should have and whether any remediation is necessary.
Network Policy And Access Services
scope
SoHR
IPsec connection security
18. The 802.1X access point applies the ACL to the connection and ______ all packets that are not allowed by the ACL.
drops
Remediation server group
System Health Agents (SHAs) - System Health Validators (SHVs)
User Interface Settings
19. For NAP to work - a network component must enforce NAP by either allowing or denying network access. The following list describes the different NAP enforcement types you can use:
Statement of Health Response (SoHR)
Remote Desktop Gateways (RD Gateway).
Network Policy And Access Services
manually - domain controller
20. A health requirement policy is a combination of the following:
health state
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
scope
Statement of Health Response (SoHR)
21. VLANs are identified using a VLAN identifier - which must be configured on the switch itself. You can then use NAP to specify in which VLAN the ______ computers are placed.
compliant - noncompliant - and unauthenticated
Network Policy And Access Services
An access control list (ACL) - A virtual local area network (VLAN)
System Health Agents (SHAs) - System Health Validators (SHVs)
22. If a computer falls out of compliance after connecting to the 802.1X network - the 802.1X network access device can change the computer's ______.
Network Policy And Access Services
domain controller
noncompliant - compliant
network access
23. Installing the HRA role service configures the following:
do not filter
scope
A certification authority - A web application
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
24. Win Server 2008 and Win Server 2008 R2 include an SHV that corresponds to the SHA built into Windows ______.
network access
Win 7 - Win Vista - and Win XP SP3
do not filter
SoHR
25. With VPN server enforcement enabled - only ______ are granted unlimited network access.
compliant client computers
User Interface Settings
Network policy
network access
26. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.
SHA
Request Policy
Domain - Private - Public
health policy server
27. The NAP health policy server combines the SoHRs from the multiple SHVs into a ______.
System Statement of Health Response (SSoHR)
VPN servers
SHA
Network Access Protection (NAP)
28. Which versions of Windows can act as NAP clients?
Connection request policy
firewalls
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
requirement policies
29. ______ is the most effective way to configure firewall settings for all computers in a domain.
Group Policy
Win 7 - Win Vista - and Win XP SP3
System Health Validators (SHVs)
RADIUS
30. The ______ enforcement type uses a computer running Win Server 2008 or Win Server 2008 R2 and the DHCP Server service that provides IP addresses to intranet clients.
blocks any inbound traffic that hasn't been specifically allowed
network access
DHCP servers
Testing - Monitoring - Limited access
31. You need to create outbound firewall rules only when you configure outbound connections to be ______.
per-IP address or a per-TCP/UDP port number
blocked by default
network access
monitoring-only
32. ______ define which health checks a client must meet to be considered compliant.
blocks any inbound traffic that hasn't been specifically allowed
System health validators
Win 7 - Win Vista - and Win XP SP3
Testing - Monitoring - Limited access
33. The ______ defines health requirements using SHV settings. Separate ______ must exist for both compliant and noncompliant clients.
health policy server
compliant - noncompliant
Statement of Health Response (SoHR)
Health policy - health policies
34. The NAP health policy server sends the SSoHR back to the NAP client through the NAP enforcement point. The NAP enforcement point can now connect a ______ computer to the network or connect a ______ computer to a remediation network.
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
domain controller
DHCP servers
compliant - noncompliant
35. Health ______ determine which clients must meet health requirements - what those health requirements are - and what happens if a client cannot comply.
Remote Desktop Gateways (RD Gateway).
requirement policies
manually - domain controller
Group Policy
36. Each SHV produces a _____ - which can contain remediation instructions (such as the version number of an antivirus signature file) if the client doesn't meet that SHV's health requirements.
blocked by default
Statement of Health Response (SoHR)
Network Policy And Access Services
Local IP Address
37. NAP is designed to connect hosts to different network resources depending on their current ______.
Network Policy And Access Services
blocks any inbound traffic that hasn't been specifically allowed
health state
compliant - noncompliant - and unauthenticated
38. By default - Windows Firewall (as well as most other firewalls) ______.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
39. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.
Statement of Health Response (SoHR)
Network Policy And Access Services
manually - domain controller
noncompliant - compliant
40. One of the most powerful ways to increase computer security is to configure firewall ______.
Network Policy And Access Services
scope
A certification authority - A web application
logging
41. Typically - a NAP deployment occurs in three phases:
Connection request policy
802.1X - VPN - or DHCP
meets health requirements
Testing - Monitoring - Limited access
42. The ______ are the client components that create a Statement of Health (SoH) containing a description of the health of the client computer.
Enforcement Clients - User Interface Settings - Health Registration Settings
System Health Agents (SHAs)
802.1X access points
Group Policy
43. In networking - ______ analyze communications and drop packets that haven't been specifically allowed.
RD Gateway
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
firewalls
User Interface Settings
44. By default - all versions of Windows (including Win Srvr 2008 R2) ______ outbound traffic.
compliant - noncompliant
manually - domain controller
do not filter
RADIUS
45. The ______ enforcement type uses Ethernet switches or wireless access points that support 802.1X authentication.
health state
802.1X access points
System Statement of Health Response (SSoHR)
Domain - Private - Public
46. You can quickly verify a client's configuration by running the following command at a command prompt:
System Statement of Health (SSoH)
IPsec connection security
firewalls
netsh nap client show state
47. You can configure client NAP settings using the three subnodes:
blocked by default
RD Gateway
Enforcement Clients - User Interface Settings - Health Registration Settings
compliant - noncompliant - and unauthenticated
48. NAP depends on a Win Server 2008 or Win Server 2008 R2 NAP health policy server - which acts as a ______ server - to evaluate the health of client computers.
monitoring-only
RADIUS
Enforcement Clients
Win XP SP3 - Win Vista - Win 7 - Win Server 2008 - and Win Server 2008 R2.
49. This installs the core NPS service - which is sufficient for using the Win Server 2008 computer as a RADIUS server for ______ - ______ - or ______ enforcement.
worms
An access control list (ACL) - A virtual local area network (VLAN)
Connection request policy
802.1X - VPN - or DHCP
50. After configuring the NPS server - you must configure client computers for NAP. The easiest way to do this is to use ______ node.
An access control list (ACL) - A virtual local area network (VLAN)
GPO settings in the Computer ConfigurationPoliciesWindows SettingsSecurity SettingsNetwork Access ProtectionNAP Client Configuration
Connection request policy - System health validators - Remediation server group - Health policy - Network policy
Network Policy And Access Services