Your network contains an Active Directory domain named contoso.com. All servers run
Windows Server 2012 R2. The domain contains two servers. The servers are configured as
shown in the following table.
All client computers run Windows 8 Enterprise.
You plan to deploy Network Access Protection (NAP) by using IPSec enforcement.
A Group Policy object (GPO) named GPO1 is configured to deploy a trusted server group to
all of the client computers.
You need to ensure that the client computers can discover HRA servers automatically.
Which three actions should you perform? (Each correct answer presents part of the solution.
Choose three.)
A.
On all of the client computers, configure the EnableDiscovery registry key.
B.
In a GPO, modify the Request Policy setting for the NAP Client Configuration.
C.
On Server2, configure the EnableDiscovery registry key.
D.
On DC1, create an alias (CNAME) record.
E.
On DC1, create a service location (SRV) record.
Explanation:
Requirements for HRA automatic discovery
The following requirements must be met in order to configure trusted server groups on NAP
client computers using HRA automatic discovery:
Client computers must be running Windows Vista® with Service Pack 1 (SP1) or Windows
XP with Service Pack 3 (SP3).
The HRA server must be configured with a Secure Sockets Layer (SSL) certificate.
The EnableDiscovery registry key must be configured on NAP client computers.
DNS SRV records must be configured.
The trusted server group configuration in either local policy or Group Policy must be
cleared.
http: //technet. microsoft. com/en-us/library/dd296901 . aspx
Configure HRA Automatic Discovery
https://msdn.microsoft.com/en-us/library/dd296901%28v=ws.10%29.aspx
Requirements for HRA automatic discovery
The following requirements must be met in order to configure trusted server groups on NAP client computers using HRA automatic discovery:
Client computers must be running Windows Vista® with Service Pack 1 (SP1) or Windows XP with Service Pack 3 (SP3).
The HRA server must be configured with a Secure Sockets Layer (SSL) certificate.
The EnableDiscovery registry key must be configured on NAP client computers.
DNS SRV records must be configured.
The trusted server group configuration in either local policy or Group Policy must be cleared.
answer is A,B,E