HOTSPOT
Your network contains an Active Directory forest named northwindtraders.com.
The client computers in the finance department run either Windows 8.1, Windows 8, or Windows 7. All
of the client computers in the marketing department run Windows 8.1.
You need to design a Network Access Protection (NAP) solution for northwindtraders.com that meets
the following requirements:
The client computers in the finance department that run Windows 7 must have
a firewall enabled and the antivirus software must be up-to-date.
The finance computers that run Windows 8.1 or Windows 8 must have
automatic updating enabled and the antivirus software must be up-to-date.
The client computers in the marketing department must have automatic
updating enabled and the antivirus software must be up-to-date.
If a computer fails to meet its requirements, the computers must be provided
access to a limited set of resources on the network.
If a computer meets its requirements, the computer must have full access to the
network.
What is the minimum number of objects that you should create to meet the requirements? To answer,
select the appropriate number for each object type in the answer area.
Explanation:
Box 1: Health policies: 3
We need three polices:
1. If it passes anti-virus and Firewall
2. If it passes anti-virus and Updates
3. If it fails antivirus, Updates, or Firewall
Note:Health policies define which SHVs are evaluated and how they are used in validating the configuration of
computers that attempt to connect to your network. Based on the results of SHV checks, health policies
classify client health status.
Box 2: Network policies: 4
1. Allow unrestricted access for Finance department if “First health policy” Compliant & (OS version -ge
6.1 & -lt 6.2) (windows 7)
2. Allow unrestricted access for Finance department if “Second health policy” Compliant & OS version –
ge 6.2 (windows 8 & 8.1)
3. Allow unrestricted access for Marketing department if “Second health policy” Compliant
4. Else Allow restricted access.
Box 3: System health validator settings: 2
We need two System Health Validator setting:
1. firewall enabled and the antivirus software must be up-to-date (for the Windows 7 clients in finance)
2. automatic updating enabled and the antivirus software must be up-to-date (for the Windows 8.1 or
Windows 8 clients in finance, and for clients in marketing)
Note: System health validators (SHVs) define configuration requirements for computers that attempt to
connect to your network.
The procedure to configure an SHV is unique to each SHV. Configuration choices for the WSHV are shown
the following example.Configuring NPS system health validators and policies
https://technet.microsoft.com/en-us/library/dd441008.aspx
Configuring NPS network policies
https://technet.microsoft.com/en-us/library/dd441006.aspx
SHV-A > FW & AV
SHV-B > WU & AV
HP-1 > SHV-A & Client Passes All
HP-2 > SHV-B & Client Passes All
NP-1 > Finance & Win7 & HP-1 = allow
NP-2 > Finance & Win8 & HP-2 = allow
NP-3 > Marketing & HP-2 = allow
NP-4 > Other = allow Restricted
2 2 4
Well… The given answer is completely wrong. The links in the explaination date back to 2009 and one is for Threat Management Gateway. I see no reason to trust the given answer.
I see validity in your reply, EZ. However, in my MS training lab for NPS, the SHV has two categories; Windows 8/7/Vista, and Windows XP. For the Win 8/7/V SHV settings, you can do everything you need to in just one setting.
In Box 1: ‘2’
1 HP to allow access if all criteria is met (which is the situational guideline).
1 HP to allow access (to the restricted network) if all criteria is NOT met.
In Box 2: ‘2’
1 NP with HP1 attached to grant access and get an IP for the UNRESTRICTED network.
1 NP with HP2 attached to grant access and get an IP for the restricted network.
In Box 3: ‘1’
1 SHV to check Windows versions 8(.1)/7/Vista for the situational requirements.
So 2, 2, 1. Final answer.