Your network consists of one Active Directory domain and one IP subnet. All servers run Windows
Server 2008 R2. All client computers run Windows 7. The servers are configured as shown in the
following table. (Click the Exhibit)
All network switches used for client connections are unmanaged. Some users connect to the local
area network (LAN) from client computers that are joined to a workgroup. Some client computers do
not have the latest Microsoft updates installed. You need to recommend a Network Access
Protection (NAP) solution to protect the network. The solution must meet the following
requirements:
Only computers that are joined to the domain must be able to connect to servers in the domain.
Only computers that have the latest Microsoft updates installed must be able to connect to
servers in the domain.
Which NAP enforcement method should you use?
A.
802.1 x
B.
DHCP
C.
IPsec
D.
virtual private network (VPN)
Explanation:
To ensure that only the computers that have the latest Microsoft updates installed must be able to
connect to servers in the domain and only the computers that are joined to the domain must be able
to connect to servers in the domain, you need to use IPSec NAP enforcement method. IPsec domain
and server isolation methods are used to prevent unmanaged computers from accessing network
resources. This method enforces health policies when a client computer attempts to communicate
with another computer using IPsec.
Protecting a Network from Unmanaged Clients / Solutions
http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclie
nts.mspx
Network Access Protection (NAP) Deployment Planning / Choosing Enforcement
Methods
http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deploymentplanning.aspx