HOTSPOT
Your network contains an Active Directory forest named northwindtraders.com.
The client computers in the finance department run either Windows 8.1, Windows 8, or
Windows 7. All of the client computers in the marketing department run Windows 8.1.
You need to design a Network Access Protection (NAP) solution for northwindtraders.com
that meets the following requirements:
The client computers in the finance department that run Windows 7 must have a firewall
enabled and the antivirus software must be up-to-date.
The finance computers that run Windows 8.1 or Windows 8 must have automatic updating
enabled and the antivirus software must be up-to-date.
The client computers in the marketing department must have automatic updating enabled
and the antivirus software must be up-to-date.
If a computer fails to meet its requirements, the computers must be provided access to a
limited set of resources on the network.
If a computer meets its requirements, the computer must have full access to the network.
What is the minimum number of objects that you should create to meet the requirements?
To answer, select the appropriate number for each object type in the answer area.
Answer: 
Explanation:
Wrong Answer.
Take a look at this statement “What is the minimum number of OBJECTS that you should create to meet the requirements?”
The question is about how many OBJECTS nothing else. I believe it should be 3 3 3.
Health Policies: 3
Network Policies: 3
System Health Validator Settings: 3
The question is about how many objects do we need to create for each condition nothing else.
So its clear for every condition we need to create a separate object containing the settings of its respective condition.
Hope this helps.
I am still confused on this, tried in test lab and still concept is not clear. Some time I guess it should be 1 1 1 . But other moment I guess it should be 2 2 1. As mentioned in above comment I am still confused how it become 3 3 3.
Please please can some one give me perfect answer to this question.
My answer is:
Health Policies: 4
Network Policies: 4
System Health Validator Settings: 2
Tested in my lab.
SHV
1) firewall + Antivirus up to date
2) Windows automatic updates + Antivirus up to date
health policy
1) meet shv 1
2) meet shv 2
3) doesn’t meet shv 1
4) doesn’t meet shv 2
network policy
1) If OS grant access
2) If OS deny access
3) If OS > Win7 AND health policy 2 –> grant access
4) If OS > Win7 AND health policy 4 –> deny access
netwok policy
1) If OS grant access
2) If OS deny access
3) If OS > Win7 AND health policy 2 –> grant access
4) If OS > Win7 AND health policy 4 –> deny access
1) If OS grant access
2) If OS deny access
1) If OperatingSystem grant access
2) If OperatingSystem deny access
1) If OS (is smaller than) Windows 8 AND health policy 1 –> grant access
2) If OS (is smaller than) Windows 8 AND health policy 3 –> deny access
The Brandump2go dump linked on the first question of this exam has the answer as 2, 3, 3. Can anyone confirm if this is correct?
Answer : 3 3 2
Create 2 SHV settings
1. Antivirus + Updates (AU)
2. Antivirus + Firewall (AF)
Existing Default SHV settings (DSHV) can not be deleted.
Create 3 Health policies:
1. “AUHP” Compliant – Client passes all SHV checks for (AU) settings
2. “AFHP” Compliant – Client passes all SHV checks for (AF) settings
3. “DSHV” NonCompliant – Client fails one or more SHV checks for (DSHV) settings
If PC fails (UF) or (AF) then it will fail (DSHV)
Create 3 Network Policies :
1. Allow unrestricted access if “AUHP” Compliant & OS version -ge 6.2 (windows 8 & 8.1)
2. Allow unrestricted access if “AFHP” compliant & (OS version -ge 6.1 & -lt 6.2) (windows 7)
3. Allow restricted access if “DSHV” NonCompliant (precessing order number should be larger than the above Network policies so that compliancy is processed before noncompliancy)
HP : 4
NP : 6
SHV : 2
—–
SHV-A > FW & AV
SHV-B > WU & AV
HP-1 > SHV-A & Client Passes All
HP-2 > SHV-A & Client Fails one or more
HP-3 > SHV-B & Client Passes All
HP-4 > SHV-B & Client Fails one or more
NP-1 > FinanceWin7 & HP-1 = Grant
NP-2 > FinanceWin7 & HP-2 = Deny (Restricted)
NP-3 > FinanceWin8 & HP-3 = Grant
NP-4 > FinanceWin8 & HP-4 = Deny (Restricted)
NP-5 > MarketingWin8 & HP-3 = Grant
NP-6 > MarketingWin8 & HP-4 = Deny (Restricted)
Agreed
can’t you do this:
HP : 4
NP : 6
SHV : 2
—–
SHV-A > FW & AV
SHV-B > WU & AV
HP-1 > SHV-A & Client Passes All
HP-2 > SHV-B & Client Passes All
NP-1 > FinanceWin7 & HP-1 = Grant
NP-2 > FinanceWin8 & HP-3 = Grant
NP-3 > MarketingWin8 & HP-3 = Grant
NP-4 > Other = Deny (Restricted)
wrong counts. Should be:
SHV : 2
HP : 2
NP : 4
Will not be Deny, it will be grant but limited access.
Agree with Bill Gates
In the question said: “minimum number of objects”, so I think will be correct answer is:
SHV: create 1 (because shv “Default Configuration” exist and can be edited)
HP: 4 – Compliant and Non-Compliant for each
NP: 4 – (remember condition “minimum number of objects”) because requirements for all comps Win8 and win 8.1 for both departments is identical
About SHVs – in questions scenario said “what is the minimum number of objects that you should create” so I think must create only one, and to edit default.
2be4got10
I was confused as well, I did some research and found the below, looks like 4, 4, 2 is correct to me – what do you guys think?
4 Network Policies
A. Access granted if Client meets conditions of being in finance department, running Windows 7 and matches Health Policy A
B. Access limited if Client meets conditions of being in finance department, running Windows 7 and matches Health Policy B
C. Access granted if Client meets conditions of being a finance computer, running Windows 8/8.1 and matches Health Policy C
D. Access limited if Client meets conditions of being a finance computer, running Windows 8/8.1 and matches Health Policy C
Conditions Step 6:
https://mizitechinfo.wordpress.com/2014/07/20/step-by-step-network-access-protection-nap-deployment-in-windows-server-2012-r2-part-3-of-7-configure-network-policies/
Network Policy Conditions Properties:
https://technet.microsoft.com/en-us/library/cc731220(v=ws.10).aspx
4 Health Policies
A. Client passes all SHV checks for SHV A
B. Client fails one or more SHV checks for SHV A
C. Client passes all SHV checks for SHV B
D. Client fails one or more SHV checks for SHV B
Health Policies: https://technet.microsoft.com/en-us/library/cc771934(v=ws.10).aspx
Create a Health Policy: https://technet.microsoft.com/en-us/library/cc726005(v=ws.10).aspx
Step 15:
https://mizitechinfo.wordpress.com/2014/07/19/step-by-step-network-access-protection-nap-deployment-in-windows-server-2012-r2-part-2-of-7-configure-health-policies/
2 SHVs:
A. A firewall is enabled for all network connections + Antivirus is up to date
B. Automatic Updating is on + Antivirus is up to date
Windows Security Health Validator: https://technet.microsoft.com/en-us/library/cc731260(v=ws.10).aspx
System Health Validators: https://technet.microsoft.com/en-us/library/cc771201(v=ws.10).aspx
Step 13:
https://mizitechinfo.wordpress.com/2014/07/19/step-by-step-network-access-protection-nap-deployment-in-windows-server-2012-r2-part-2-of-7-configure-health-policies/
then you need to add 2 more for marketing department as none of your network policies apply to the marketing computers.
IMO Bill Gates’s comments above are correct.
You can add the department name as a condition to the existing network policy. You don’t need to create 2 extra network policies for this. Therefore, the number of network policies remains 4. NP 4, HP 4, HV 2 (or 1 if default HV does not count)
No new questions of my 70-413 exam on 31/Jan/2016!
There are 4 Case Studies: Northwind, Parnell, Liteware and Woodgrovebank, 7 Drag and Drop questions. Also, many questions on VPN, Remote Access, WDS, GPO, NAP and DHCP.
Learned all exam questions from PassLeader 70-413 exam dumps (pdf and vce file: http://bit.ly/1AJH4c6), wrong answers have been corrected in it!!!
Good Luck!
I think we have to create:
HP: 2 (pre-existed 2 needs to be updated)
NP: 2 (pre-existed 2 needs to be updated)
SHV: 1 (pre-existed 1 needs to be updated)
I think it will be correct. 1-1-1. Because it asks the minimum number and it will be minimal 1 for each section. If it will ask the what is the number of connection we will need to find correct answer.