HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two
servers named Server1 and Server2. Server1 has the Network Policy Server server role installed.
Server2 has the DHCP Server server role installed. Both servers run Windows Server 2012 R2.
You are configuring Network Access Protection (NAP) to use DHCP enforcement.
You configure a DHCP scope as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that non-compliant NAP clients receive different DHCP options than compliant
NAP clients.
What should you configure on each server? To answer, select the appropriate options for each
server in the answer area.
Answer: See the explanation
Explanation:
Health Policies
Server Options
* Health policy on the NAP server.
* The DHCP server must be NAP enabled.Note: With DHCP enforcement, a computer must be compliant to obtain an unlimited access IP
address configuration from a DHCP server. For noncompliant computers, network access is limited
by an IP address configuration that allows access only to the restricted network. DHCP enforcement
enforces health policy requirements every time a DHCP client attempts to lease or renew an IP
address configuration. DHCP enforcement also actively monitors the health status of the NAP client
and renews the IPv4 address configuration for access only to the restricted network if the client
becomes noncompliant.
Wrong answer, as per screenshot NAP is already enabled for the DHCP Scope. The next step would be defining both Healthy/Unhealthy policies.
0
0
Server1: Health Policies
Server2: A policy
Not Server options, which is irrelevant, NAP is already enabled on the scope, next policies based off the NAP user class must be created so that healthy/unhealthy scopes can be defined.
2
0
Agreed. Just replicated on my LIVE DHCP server at the office. Tested and it worked.
Server 1 – Health Policy
I only say this as the MS-Service class is WITHIN the Health Policy. It could VERY WELL BE the MS-Service class.
Server 2 – Policy (in DHCP)
It specifies for NON-compliant NAP devices. Setting the scope options are ALREADY SHOWN in the exhibit. Server options are irrelevant. Filters won’t help. User/Vendor class are for older DHCP (2008); however, they’re now handled as a POLICY, which when configured, will ensure that NON-COMPLIANT devices are within a separate DHCP scope specified IN THE POLICY.
0
0
^ a policy for server two is correct for windows 2012…
1
0
http://msdn.microsoft.com/en-us/library/dd125315(v=ws.10).aspx
It’s health policies for server1 and scope options for server2
0
1
Scope options on Server2
ExamRef 70-411, p253
“On DHCP server, select the properties for the DHCP scope on which you want to enforce NAP and enable Network Address Protection settings for the scope …”
0
0
As stated by others Health Policy would be set on Server 1.
On Server2, the Scope options would be set. Example: Scope1 would have NAP enabled for the scope in the Scope Properties\Network Access Protection Tab. A second scope Scope2 would have NAP disabled for the scope and would assign and IP from a subnet with limited network access.
0
0