You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
DHCP Server server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP
clients.
Which criteria should you specify when you create the DHCP policy?
A.
The client identifier
B.
The user class
C.
The vendor class
D.
The relay agent information
Explanation:
To configure a NAP-enabled DHCP server
1. On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and then
press ENTER.
2. In the DHCP console, open <servername>\IPv4.
3. Right-click the name of the DHCP scope that you will use for NAP client computers,
and then click Properties.
4. On the Network Access Protection tab, under Network Access Protection Settings,
choose Enable for this scope, verify that Use default Network Access Protection profile is
selected, and then click OK.
5. In the DHCP console tree, under the DHCP scope that you have selected, right-click
Scope Options, and then click Configure Options.
6. On the Advanced tab, verify that Default User Class is selected next to User class.7. Select the 003 Router check box, and in IP Address, under Data entry, type the IP
address for the default gateway used by compliant NAP client computers, and then click
Add.
8. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type
the IP address for each router to be used by compliant NAP client computers, and then click
Add.
9. Select the 015 DNS Domain Name check box, and in String value, under Data entry,
type your organization’s domain name (for example, woodgrovebank. local), and then click
Apply. This domain is a full-access network assigned to compliant NAP clients.
10. On the Advanced tab, next to User class, choose Default Network Access Protection
Class.
11. Select the 003 Router check box, and in IP Address, under Data entry, type the IP
address for the default gateway used by noncompliant NAP client computers, and then click
Add. This can be the same default gateway that is used by compliant NAP clients.
12. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type
the IP address for each DNS server to be used by noncompliant NAP client computers, and
then click Add. These can be the same DNS servers used by compliant NAP clients.
13. Select the 015 DNS Domain Name check box, and in String value, under Data entry,
type a name to identify the restricted domain (for example, restricted. Woodgrovebank.
local), and then click OK. This domain is a restricted-access network assigned to
noncompliant NAP clients.
14. Click OK to close the Scope Options dialog box.
15. Close the DHCP console.
http: //technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx
https://ripusudan.wordpress.com/2013/03/19/how-to-configure-nap-enforcement-for-dhcp/
http://technet.microsoft.com/en-us/library/cc775694(v=ws.10).aspx
Answer is C. You need a vendor class to separate out by OS as Microsoft OS is the only NAP capable OS.
Question is about non-compliance, not about non-capability.
Answer is B not C
B
https://technet.microsoft.com/en-au/library/dn425039.aspx
Vendor Class: Vendor managed DHCP option assignments.
User Class: Non-standard DHCP option assignments.
The client’s vendor class and MAC prefix are included in the DHCPREQUEST packet along with the gateway IP address << thus not configurable if client is non compliant
The answer is correct but the explanation regards Windows 2003/2008
The user class has to be defined by policy.
The answer is correct.
If you aren’t sure, please don’t write here!