Which NAP enforcement method should you use?
Your network consists of one Active Directory domain and one IP subnet. All servers run Windows Server 2008 R2. All client computers run Windows 7.
The servers are configured as shown in the following table.
All network switches used for client connections are unmanaged.
Some users connect to the local area network (LAN) from client computers that are joined to a workgroup. Some client computers do not have the latest Microsoft updates installed.
You need to recommend a Network Access Protection (NAP) solution to protect the network. The solution must meet the following requirements:
- Only computers that are joined to the domain must be able to connect to servers in the domain.
- Only computers that have the latest Microsoft updates installed must be able to connect to servers in the domain.
Which NAP enforcement method should you use?
A. 802.1X
B. DHCP
C. IPsec
D. virtual private network (VPN)
Correct Answer: C
Explanation/Reference:
Explanation:
To ensure that only computers that have the latest Microsoft updates installed, and only computers that are joined to the domain, can connect to servers in the domain, use the IPsec NAP enforcement method. IPsec domain and server isolation methods are used to prevent unmanaged computers from accessing network resources. This method enforces health policies when a client computer attempts to communicate with another computer using IPsec.
Reference: Protecting a Network from Unmanaged Clients / Solutions
http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclients.mspx
Reference: Network Access Protection (NAP) Deployment Planning / Choosing Enforcement Methods
http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deployment-planning.aspx