Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for
VPN enforcement by using the Configure NAP wizard.
You need to ensure that you can configure the VPN enforcement method on Server1
successfully.
What should you install on Server1 before you run the Configure NAP wizard?
A.
A system health validator (SHV)
B.
The Host Credential Authorization Protocol (HCAP)
C.
A computer certificate
D.
The Remote Access server role
Explanation:
Configure NAP enforcement for VPN
This checklist provides the steps required to deploy computers with Routing and Remote
Access Service installed and configured as VPN servers with Network Policy Server (NPS)
and Network Access Protection (NAP).
the explain confirmed D- RAS
any idea guys ?
It’s C.
Try walking through the Configure NAP wizard.
RAS is installed on the server acting as a VPN connection point. It doesn’t have to be the NPS server.
The Windows Security Health Validator is a SHV that’s installed by default.
HCAP is for Cisco integration.
You NEED a certificate and can’t install it through the wizard, so it’s the only answer you HAVE to do.
“Before performing this procedure, you must install a certificate for Protected Extensible Authentication Protocol (PEAP) authentication”
https://technet.microsoft.com/en-us/library/dd314165(v=ws.10)
But if you don’t use PEAP, Do you need a certificate? Indeed you need SHV…
agree you need a certificate
C