Your network contains an Active Directory domain named contoso.com. The domain
contains servers that run either Windows Server 2008 R2 or Windows Server 2012.
All client computers on the internal network are joined to the domain. Some users establish
VPN connections to the network by using Windows computers that do not belong to the
domain.
All client computers receive IP addresses by using DHCP.
You need to recommend a Network Access Protection (NAP) enforcement method to meet
the following requirements:
Verify whether the client computers have up-to-date antivirus software.
Provides a warning to users who have virus definitions that are out-of-date.
Ensure that client computers that have out-of-date virus definitions can connect to the
network.
Which NAP enforcement method should you recommend?

A.
DHCP

B.
IPSec

C.
VPN

D.
802.1x

Explanation:
http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx
NAP enforcement for DHCP
DHCP enforcement is deployed with a DHCP Network Access Protection (NAP)
enforcement server component, a DHCP enforcement client component, and Network Policy
Server (NPS).
Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a
computer attempts to lease or renew an IP version 4 (IPv4) address. However, if client
computers are configured with a static IP address or are otherwise configured to circumvent
the use of DHCP, this enforcement method is not effective.