Test your basic knowledge |

MCTS: Configuring Windows Firewall And Network Access Protection

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IPsec enforcement requires a CA running Win Server ______ or ________ Certificate Services and NAP to support health certificates.






2. In the case of _____ - automated software attacks computers across the Internet - gains elevated privileges - copies itself to the compromised computer - and then begins attacking other computers (typically at random).






3. IPsec enforcement allows you to require health compliance on a ______ or a ______ basis.






4. If a computer falls out of compliance after connecting to the 802.1X network - the 802.1X network access device can change the computer's ______.






5. If you use Remote Desktop to allow users to control their desktops from remote computers across the Internet - you can use the ______ enforcement type to block access unless the client computer passes a health check.






6. Typically - a NAP deployment occurs in three phases:






7. If an application must accept incoming connections but the developers have not documented the communication ports that the application uses - you can use the ______ tool to identify which ports the application listens on.






8. Which versions of Windows can act as NAP clients?






9. ______ allows you to verify that computers meet specific health requirements before granting them unlimited access to your internal network.






10. Each SHV produces a _____ - which can contain remediation instructions (such as the version number of an antivirus signature file) if the client doesn't meet that SHV's health requirements.






11. ______ define which health checks a client must meet to be considered compliant.






12. Which NAP enforcement types do not require support from your network infrastructure?






13. The NAP client sends the SSoH to the NAP ______ through the NAP enforcement point.






14. You can quickly verify a client's configuration by running the following command at a command prompt:






15. After configuring the NPS server - you must configure client computers for NAP. The easiest way to do this is to use ______ node.






16. By default - all versions of Windows (including Win Srvr 2008 R2) ______ outbound traffic.






17. To install NAP - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.






18. VLANs are identified using a VLAN identifier - which must be configured on the switch itself. You can then use NAP to specify in which VLAN the ______ computers are placed.






19. The Private profile must be ______ applied to a network. The Public profile applies any time a ______ is not available - and a network has not been configured as Private.






20. Use the ______ snap-in to create an inbound firewall rule that allows a server application to receive incoming connections.






21. Windows Firewall ______ identifies connections that Windows Firewall allows or blocks.






22. NAP is designed to connect hosts to different network resources depending on their current ______.






23. Configure the ______ policy to provide customized text (and - optionally - an image) that users will see as part of the NAP client interface.






24. A ______ determines whether a request should be processed by NPS.






25. The only time you would want to configure the scope using the ______ group is when the computer is configured with multiple IP addresses - and you do not want to accept connections on all IP addresses.






26. The ______ enforcement type requires clients to perform a NAP health check before they can receive a health certificate.






27. NAP health validation takes place between two components:






28. The ______ are the server components that analyze the SoH generated by the SHA and create an SoH Response (SoHR).






29. You can configure client NAP settings using the three subnodes:






30. In networking - ______ analyze communications and drop packets that haven't been specifically allowed.






31. The ______ enforcement type uses Ethernet switches or wireless access points that support 802.1X authentication.






32. The ______ defines the level of network access clients get based on which health policy they match.






33. The firewall profiles are:






34. The ______ are the client components that create a Statement of Health (SoH) containing a description of the health of the client computer.






35. The ______ enforcement type uses a computer running Win Server 2008 or Win Server 2008 R2 and the DHCP Server service that provides IP addresses to intranet clients.






36. Health ______ determine which clients must meet health requirements - what those health requirements are - and what happens if a client cannot comply.






37. Win 7 - Win Vista - Win Server 2008 - Win Server 2008 R2 - and Win XP SP3 include an ______ that monitors Windows Security Center settings.






38. To install HRA - first install the ______ role - then select the Network Policy Server check box on the Select Role Services page.






39. A health requirement policy is a combination of the following:






40. A group of servers that noncompliant clients can access is a ______.






41. Each SHA on the NAP client validates its system health and generates an SoH. The NAP client combines the SoHs from multiple SHAs into a ______ - which includes version info for the NAP client and the set of SoHs for the installed SHAs.






42. The Domain firewall profile applies whenever a computer can communicate with its ______.






43. The ______ type enforces NAP for remote access connections using a VPN server running Win Server 2008 or Win Server 2008 R2 and Routing and Remote Access.






44. The NAP health policy server uses the ______ to determine the level of access the client computer should have and whether any remediation is necessary.






45. With 802.1X - compliant computers are granted full network access - and noncompliant computers are connected to a ______ network or completely prevented from connecting to the network.






46. For NAP to work - a network component must enforce NAP by either allowing or denying network access. The following list describes the different NAP enforcement types you can use:






47. With VPN server enforcement enabled - only ______ are granted unlimited network access.






48. The 802.1X access point applies the ACL to the connection and ______ all packets that are not allowed by the ACL.






49. This installs the core NPS service - which is sufficient for using the Win Server 2008 computer as a RADIUS server for ______ - ______ - or ______ enforcement.






50. With the DHCP servers enforcement type - only ______ computers receive an IP address that grants full network access; ______computers are granted an IP address with a subnet mask of 255.255.255.255 and no default gateway.