Your network contains an Active Directory domain named adatum.com.
The domain contains a server named Server1 that runs Windows Server 2012.
Server1 is configured as a Network Policy Server (NPS) server and as a DHCP server.
You need to ensure that only computers that send a statement of health are checked for Network Access
Protection (NAP) health requirements.
Which two settings should you configure? (Each correct answer presents part of the solution. Choose two.)
A.
The NAP-Capable Computers conditions
B.
The MS-Service Class conditions
C.
The NAS Port Type constraints
D.
The Called Station ID constraints
E.
The Health Policies conditions
Explanation:
The NAP-Capable ensures that the machine is able tosend a statement of health, and the Health Policy tells it
which policy to evaluate against.
SHV multi-configuration
Windows Server 2008 allowed you to configure just one set of health tests for each SHV. As a result, an NPS server couldn’t normally adjust its health checks to suit different NAP client types.
This limitation could sometimes present a problem. In some scenarios, you might prefer to apply different health checks to different enforcement methods, computers, or users. For example, you might want to require all VPN-connected computers to have their antivirus software both enabled and up-to-date but require local DHCP-based connections to have their antivirus software only enabled. To meet such a requirement in Windows Server 2008, you normally needed to use two NPS servers.
In Windows Server 2008 R2 and later, however, you can now create multiple configurations for each SHV. After you create additional configurations beyond the default configuration, you can specify which SHV configuration you want to use for a particular health policy. Figure 7-5 shows an example of multiple configurations created for the built-in SHV, Windows Security Health Validator.
https://www.microsoftpressstore.com/articles/article.aspx?p=2216994