PrepAway - Latest Free Exam Questions & Answers

Which servers should you identify?

DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain
contains five servers. The servers are configured as shown in the following table.

You plan to implement Network Access Protection (NAP) with IPSec enforcement on all client computers.
You need to identify on which servers you must perform the configurations for the NAP deployment.
Which servers should you identify? To answer, drag the appropriate servers to the correct
actions. Each server may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.)

PrepAway - Latest Free Exam Questions & Answers

Answer:

Explanation:

15 Comments on “Which servers should you identify?

    2. Dutch says:

      I think it would be:

      Create Health Policies: Server 4
      Configure NAP Enforcement method: Server 3
      Create remediation server group: Server 1 (because you have not to configure configure it for NAP with IPsec Enforcement

      See Microsoft article from Emo




      0



      0
  3. eric says:

    1. Answer: is Server3
    You can create health policies in Network Policy Server (NPS) by naming the policy, setting the type of client system health validator (SHV) check, and adding one or more SHVs to the new health policy.

    https://technet.microsoft.com/en-us/library/cc726005(v=ws.10).aspx

    2. Answer is server 1

    NAP clients in a domain environment are typically configured through Group Policy. When a NAP client computer receives NAP settings from Group Policy, it will ignore its local settings. For example, it is not possible to enable one NAP enforcement client in Group Policy and another enforcement client in local policy. To configure NAP client settings in Group Policy, you must use a computer with the Group Policy Management feature installed. This feature is installed automatically on a domain controller running Windows Server 2008 and Windows Server 2008 R2. This feature can be installed on a member server running Windows Server 2008 or Windows Server 2008 R2. You can use Group Policy to configure NAP settings on NAP clients running Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows 7, and Windows XP SP3.
    https://msdn.microsoft.com/en-us/library/dd125319(v=ws.10).aspx

    3. Answer is Server3
    You configure remediation server groups on the Network Policy Server and reference a particular remediation server group as part of the network policy for non-compliant computers.
    https://technet.microsoft.com/en-us/library/bb681061.aspx

    https://technet.microsoft.com/fr-fr/library/dd314153(v=ws.10).aspx




    0



    0
    1. Tobi G says:

      That is wrong. You do not use a remeditation server group within an IPSec enforcement scenario. The link descripts an implementation of NAP DHCP-Enforcement.

      Two different things buddy.

      NAP with IPSec Enforcement uses the IPSec Firewall settings to decide which computer is allowed to communicate or not.

      eric is right. You must tell the client if and which NAP enforcement he has to use. This is done by a GPO.

      -> Microsoft provides a Step-by-step guide. Read that: https://www.microsoft.com/en-us/download/details.aspx?id=12609




      0



      0
  6. Everaldo says:

    Server 3 -> Create health policies
    Configure NPS as a NAP health policy server…
    Server 4 -> Configure the NAP enforcement method
    To implement IPsec enforcement, you must install additional software components on the network. You must have a Health Registration Authority (HRA) to act as an enforcement point, and a CA to generate health certificates…
    Server 1 -> Domain Controller
    with IPsec NAP enforcement, all remediation servers should be configured as boundary servers




    0



    0
  8. Tim McNuggets says:

    I think everyone agrees Create Health Policies is Server 3.

    From MSDN:
    ‘You can configure NAP clients through Group Policy or local computer policy’

    So Answer for Configure the NAP Enforcement method: Server 1

    From TechNet:
    ‘You configure remediation server groups on the Network Policy Server and reference a particular remediation server group as part of the network policy for non-compliant computers

    So Answer is:
    Create Health Policies: Server 3
    Configure NAP Enforcement method: Server 1
    Create remediation server group: Server 3




    0



    0
  9. OSA says:

    For remediation server group, answer is server1 (GPO on DC).

    “To allow noncompliant computers to access servers offering system or antivirus updates, some additional configuration of these servers is needed to prevent network traffic from being blocked. The method to enable this network traffic through depends on the enforcement method used, but it can be as easy as assigning a static IP address (for DHCP enforcement) or configuring less-restrictive IPsec policies using a GPO.”

    Paul Ferrill; Tim Ferrill. Exam Ref 70-413: Designing and Implementing a Server Infrastructure.

    For step by step configuration :
    http://www.microsoft.com/en-us/download/details.aspx?id=12609




    0



    0
  10. Steve Balmer says:

    Answers are:

    Health Policies: Server3
    NAP enforcement method: Server1
    Remediation Server groups: Server1

    IPsec enforcement

    In an IPsec enforcement design, remediation servers should be placed in the IPsec logical boundary network. You must issue NAP exemption certificates to remediation servers and configure IPsec policy so that they can freely communicate with noncompliant computers. Placing remediation servers in a remediation servers group in the NPS console has no effect on access to these servers when you use NAP with IPsec enforcement.




    1



    0

Leave a Reply