Which two settings should you configure?

Your network contains an Active Directory domain named adatum.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 is configured
as a Network Policy Server (NPS) server and as a DHCP server.
The network contains two subnets named Subnet1 and Subnet2. Server1 has a DHCP
scope for each subnet.
You need to ensure that noncompliant computers on Subnet1 receive different network
policies than noncompliant computers on Subnet2.
Which two settings should you configure? (Each correct answer presents part of the solution.
Choose two.)

A. The NAP-Capable Computers conditions

B. The NAS Port Type constraints

C. The Health Policies conditions

D. The MS-Service Class conditions

E. The Called Station ID constraints

Explanation:
The NAP health policy server uses the NPS role service with configured health policies and
system health validators (SHVs) to evaluate client health based on administrator-defined
requirements. Based on results of this evaluation, NPS instructs the DHCP server to provide
full access to compliant NAP client computers and to restrict access to client computers that
are noncompliant with health requirements.
If policies are filtered by DHCP scope, then MS-Service Class is configured in policy
conditions.





mina

In some places it was A & D. Could somebody please verify or give an explanation for this answer?

a.l.i

Checked, you will need a Health Policy condition with the value of NAP DHCP Noncompliant.

Shaun

Mina, I also came up with A & D…

sysadmin

I think C and D is correct.

http://technet.microsoft.com/en-us/library/cc731560(v=ws.10).aspx

If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and then click Add.
The MS-Service Class condition restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method.

If you want to configure the Health Policies condition, click Health Policies, and then click Add. In Health Policies, choose an existing health policy, and then click OK. If you have not yet configured health policies, click New, and then configure a new health policy.
The Health Policies condition restricts the policy to clients that meet the health criteria in the policy that you specify.

evoken

It looks like ‘NAP’ capable computers relies on the result of the Health Policy.
So C and D.

Mark

Remember you are going to set two SHVs: one for DHCP Compliant and another for DHCP Non-Compliant. Provide a server for the non-compliant machines to speak with to get compliant, i.e. 192.168.254.240 and subnet mask of 255.255.255.255.

So when you run the Route command at the command prompt you will see a route in the table that is restricting your access to the remediation server.