What should you create?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently
provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 to provide unique NAP enforcement settings to the NAP non- compliant DHCP
clients from Scope1.
What should you create?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently
provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 to provide unique NAP enforcement settings to the NAP non- compliant DHCP
clients from Scope1.
What should you create?

A.
A connection request policy that has the Service Type condition

B.
A connection request policy that has the Identity Type condition

C.
A network policy that has the Identity Type condition

D.
A network policy that has the MS-Service Class condition

Explanation:
MS-Service Class
Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified
DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement
method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope,
type the name of an existing DHCP profile.
Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you want
to configure.
In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network
Access Protection group of conditions.
If you want to configure the Identity Type condition, click Identity Type, and then click Add. In Specify themethod in which clients are identified in this policy, select the items appropriate for your deployment, and then
click OK.
The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement methods
to allow client health checks when NPS does not receive an Access-Request message that contains a value for
the User-Name attribute; in this case, client health checks are performed, but authentication and authorization
are not performed.
If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify
the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and then click
Add.

The MS-Service Class condition restricts the policy to clients that have received an IP address from a DHCP
scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP
with the DHCP enforcement method.

http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx



Leave a Reply 0

Your email address will not be published. Required fields are marked *