You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. The functional level of the domain is Windows Server 2008. All the domain controllers on the domain run Windows Server 2008 and all client computers run Windows Vista.
The network contains 1,000 client computers that are connected to managed switches. You have been asked to ensure that users on the corporate network are unable to bypass network access restrictions and only client computers that have up-to-date service packs and anti-malware software installed can access the network.
Which of the following options would you choose to accomplish the desired task? (Select Two. Each correct answer will present a part of the answer.)
A.
Implement Network Access Protection (NAP)
B.
Implement a Network Policy Server (NPS)
C.
Use 802.1x enforcement
D.
Use DHCP enforcement.
E.
Enable IPsec on the domain controllers
F.
Enable Remote Authentication Dial-In User Service (RADIUS) authentication on the managed switches.
Explanation:
To ensure that users on the corporate network are unable to bypass network access restrictions and only client computers that have up-to-date service packs and anti-malware software installed can access the network, you need to implement Network Access Protection (NAP) that uses 802.1x enforcement
Network Access Protection (NAP) is one of the most desired and highly anticipated features of Windows Server 2008. NAP is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy. NAP allows network administrators to define granular levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access.
With 802.1X enforcement, a computer must be compliant to obtain unlimited network access through an 802.1X-authenticated network connection
Administrators can create solutions for validating computers that connect to or communicate on their networks, provide needed updates or access to needed resources, and limit the network access of computers that are noncompliant. The validation and enforcement features of NAP can be integrated with software from other vendors or with custom programs.
Note NAP is not designed to protect a private network from malicious users. It is designed to help administrators maintain the system health of the computers on a private network. NAP is used in conjunction with authentication and authorization of network access, such as using IEEE 802.1X for wireless access.