Your network contains an Active Directory domain named contoso.com. The domain contains client computers
that run Either Windows XP, Windows 7, or Windows 8.
Network Policy Server (NPS) is deployed to the domain.
You plan to create a system health validator (SHV).
You need to identify which policy settings can be applied to all of the computers.
Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose
three.)A. Automatic updating is enabled.

B.
A firewall is enabled for all network connections.

C.
An antispyware application is on.

D.
Antispyware is up to date.

E.
Antivirus is up to date.

Explanation:
http://technet.microsoft.com/en-us/library/cc731260.aspx
* System health agent (SHA) is a NAP component.
* System health agent (SHA)
A component that checks the state of the client computer to determine whether the settings monitored by the
SHA are up-to-date and configured correctly. For example, the Windows Security Health Agent (WSHA) can
monitor Windows Firewall, whether antivirus software is installed, enabled, and updated, whether antispyware
software is installed, enabled, and updated, and whether Microsoft Update Services is enabled and the
computer has the most recent security updates from Microsoft Update Services. There might also be SHAs
(and corresponding system health validators) available from other companies that provide different functionality.