70-411 Server 2012 Quiz 14

10 September 2022
4.7 (114 reviews)
20 test answers

Unlock all answers in this set

Unlock answers (16)
question
Network Access Protection (NAP) is Microsoft's software for controlling network access of computers based on what?
answer
a computer's overall health
question
Because NAP is provided by _________, you need to install _________ to install NAP.
answer
NPS, NPS
question
DHCP enforcement is not available for what kind of clients?
answer
IPv6
question
What type of Active Directory domain controller is recommended to minimize security risks for remediation servers?
answer
Read-Only
question
When you fully engage NAP for remediation enforcement, what mode do you place the policy in?
answer
Isolation
question
To verify a NAP client's configuration, which command would you run?
answer
netsh nap client show state
question
Why do you need a web server as part of your NAP remediation infrastructure?
answer
to provide user information in case of a compliance failure
question
Where do you look to find out which computers are blocked and which are granted access via NAP?
answer
the NAP Server Event Viewer
question
You should restrict access only for clients that don't have all available security updates installed, if what situation exists?
answer
the computers are running Windows Update
question
What happens to a computer that isn't running Windows Firewall?
answer
The computer is isolated
question
To use the NAP-compliant policy, the client must do what?
answer
pass all SHV checks
question
Which computers are not affected by VPN enforcement?
answer
locally connected computers
question
When enabling NAP for DHCP scopes, how should you roll out the service?
answer
for individual DHCP scopes
question
What is the purpose of the System Health Agent (SHA)?
answer
Either to provide feedback on the status of system protection and updates OR to provide feedback to the system for CPU, memory, and disk health
question
Why is monitoring system health so important?
answer
to maintain a safe computing environment
question
Why would you set up a monitor-only NAP policy on your network?
answer
You are testing your NAP rollout before implementation
question
These Windows computers don't typically move much and are part of the domain. Because they are part of the domain, they are easier to manage with group policies, managed anti-virus/anti-malware systems, and administrative control.
answer
desktop computers
question
These Windows computers are not usually connected directly to the network but connect through a VPN connection. Because they are usually personal computers, they are not part of the domain. Therefore, they usually do not get security updates and might not have an up-to-date anti-virus/anti-malware software package.
answer
unmanaged home computers
question
These Windows computers are unmanaged computers often used by consultants or vendors who need to connect to your organization's network. Because they are unmanaged, they might not have the newest up-to-date security patches and an up-to-date anti-virus/anti-malware software package.
answer
visiting laptops
question
These Windows computers move often and might not be connected to the organization's network office. Because they are typically part of the domain, they can be managed but might not get the newest updates because they are not always connected to the network.
answer
roaming laptops