Your network contains an Active Directory domain named contoso.com. The domain contains servers that run either Windows Server 2008 R2 or Windows Server

2012.
All client computers on the internal network are joined to the domain. Some users establish VPN connections to the network by using Windows computers that do
not belong to the domain.
All client computers receive IP addresses by using DHCP.
You need to recommend a Network Access Protection (NAP) enforcement method to meet the following requirements:
Verify whether the client computers have up-to-date antivirus software. Provides a warning to users who have virus definitions that are out-of- date.
Ensure that client computers that have out-of-date virus definitions can connect to the network.
Which NAP enforcement method should you recommend?

A.
DHCP

B.
IPSec

C.
VPN

D.
802.1x

Explanation:
NAP enforcement for DHCP
DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server component, a DHCP enforcement client component, and
Network Policy Server (NPS). Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IP
version 4 (IPv4) address. However, if client computers are configured with a static IP address or are otherwise configured to circumvent the use of DHCP, this
enforcement method is not effective.
Note: The NAP health policy server can use a health requirement server to validate the health state of the NAP client or to determine the current version of software
or updates that need to be installed on the NAP client.
NAP Enforcement for DHCP
http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx