PrepAway - Latest Free Exam Questions & Answers

What should you create?

Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role
service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1
currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 to provide unique NAP enforcement settings to the NAP noncompliant DHCP clients from Scope1.
What should you create?

PrepAway - Latest Free Exam Questions & Answers

A.
A connection request policy that has the Service Type condition

B.
A connection request policy that has the Identity Type condition

C.
A network policy that has the Identity Type condition

D.
A network policy that has the MS-Service Class condition

Explanation:
MS-Service Class
Restricts the policy to clients that have received an IP address from a DHCP scope that matches the
specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP
enforcement method. To use the MS-Service Class attribute, in Specify the profile name that
identifies your DHCP scope, type the name of an existing DHCP profile.
Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy
you want to configure.
In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the
Network Access Protection group of conditions.
If you want to configure the Identity Type condition, click Identity Type, and then click Add. In
Specify the method in which clients are identified in this policy, select the items appropriate for your
deployment, and then click OK.

The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement
methods to allow client health checks when NPS does not receive an Access-Request message that
contains a value for the User-Name attribute; in this case, client health checks are performed, but
authentication and authorization are not performed.
If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In
Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile,
and then click Add.

The MS-Service Class condition restricts the policy to clients that have received an IP address from a
DHCP scope that matches the specified DHCP profile name. This condition is used only when you are
deploying NAP with the DHCP enforcement method.

httpHYPERLINK “http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspx#_blank”:
//technetHYPERLINK “http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspx#_blank”.
microsoftHYPERLINK “http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspx#_blank”.
com/en-us/library/cc731560(v=wsHYPERLINK “http://technet.microsoft.com/enus/library/cc731560(v=ws.10).aspx#_blank”. 10)HYPERLINK “http://technet.microsoft.com/enus/library/cc731560(v=ws.10).aspx#_blank”. aspx
httpHYPERLINK “http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx#_blank”:
//technetHYPERLINK “http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx#_blank”.
microsoftHYPERLINK “http://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx#_blank”.
com/en-us/library/cc731220(v=wsHYPERLINK “http://technet.microsoft.com/enus/library/cc731220(v=ws.10).aspx#_blank”. 10)HYPERLINK “http://technet.microsoft.com/enus/library/cc731220(v=ws.10).aspx#_blank”. aspx


Leave a Reply