Your network contains an Active Directory domain named contoso.com. The domain contains servers
that run either Windows Server 2008 R2 or Windows Server 2012.
All client computers on the internal network are joined to the domain. Some users establish VPN
connections to the network by using Windows computers that do not belong to the domain.
All client computers receive IP addresses by using DHCP.
You need to recommend a Network Access Protection (NAP) enforcement method to meet the following
requirements:
Verify whether the client computers have up-to-date antivirus software.
Provides a warning to users who have virus definitions that are out-of-date.
Ensure that client computers that have out-of-date virus definitions can connect
to the network.
Which NAP enforcement method should you recommend?
A.
DHCP
B.
IPSec
C.
VPN
D.
802.1x
Explanation:
NAP enforcement for DHCP
DHCP enforcement is deployed with a DHCP Network Access Protection (NAP) enforcement server
component, a DHCP enforcement client component, and Network Policy Server (NPS).
Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to
lease or renew an IP version 4 (IPv4) address. However, if client computers are configured with a static IP
address or are otherwise configured to circumvent the use of DHCP, this enforcement method is not
effective.Note: The NAP health policy server can use a health requirement server to validate the health state of
the NAP client or to determine the current version of software or updates that need to be installed on
the NAP client.
NAP Enforcement for DHCP
http://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx