Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Network Policy Server role service installed.
You plan to configure Server1 as a Network Access Protection (NAP) health policy server for
VPN enforcement by using the Configure NAPwizard.
You need to ensure that you can configure the VPN enforcement method on Server1
successfully.
What should you install on Server1 before you run the Configure NAP wizard?
A.
A computer certificate
B.
A system health validator (SHV)
C.
The Remote Access server role
D.
The Host Credential Authorization Protocol (HCAP)
Explanation:
A) Host Credential Authorization Protocol (HCAP) allows you to integrate your Microsoft
Network Access Protection (NAP) solution with Microsoft Network Admission Control
B) System health validators (SHVs) define configuration requirements for NAP client
computers.
D) The NAP health policy server requires a computer certificate to perform PEAP-based user
or computer authentication. After this certificate is acquired, a connection to AD CS is not
required for as long as the certificate is valid.
http://technet.microsoft.com/en-us/library/cc732681.aspx
http://technet.microsoft.com/en-us/library/dd125396(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/hh831416.aspx
http://technet.microsoft.com/en-us/library/dd125301(v=ws.10).aspx
Explanation points to C – Remote Access Server Role
Answer is A:
https://msdn.microsoft.com/en-us/library/dd314165%28v=ws.10%29.aspx
Before performing this procedure, you must install a certificate for Protected Extensible Authentication Protocol (PEAP) authentication. For more information, see Install a Computer Certificate for PEAP.
C is not correct. The NPS/NAP Server is not the VPN server. I think A.