Pop Quiz
Enforcing NAP (Exam 70-264)
Which of the following are valid methods of NAP enforcement to control access to the network for healthy and unhealthy clients in Windows 2008?
(Choose all correct answers.)
- DHCP for address lease or renewal.
- IPSec for secure, boundary, and restricted network access.
- RRAS for VPN remote access.
- 802.1x control for restricted or unrestricted VLAN access.
Trick question, as all answers are correct.
Windows 2008 NAP enforcement options include DHCP, VPN, 802.1x, and IPSec to allow healthy clients full network access but unhealthy clients limited or no access.
NAP healthy and unhealthy clients are defined by configuring NAP System Health Validators placed on the NPS.
SHVs are set by IT administrators and placed on system health servers. Clients requesting network access provide their statement of health to network access devices which are forwarded to the IAS policy server. It compares the SoH against the defined SHV and notifies the NAD whether to allow the client full or restricted access. If the client is deemed unhealthy it is referred to the fix-up servers for virus, malware, or firewall remediation.
About the Author
Andy Barkl, CCNP, CCDP, CISSP, MCT, MVP, MCDST, MCSE: Security, MCSA: Security, MCSA: Messaging A+, CTT+, i-Net+, Network+, Security+, Server+, CNA, has over 20 years of experience in the IT field. He's the owner of MCT & Associates LLC, a technical training and consulting firm in Phoenix, Arizona. He enjoys dividing his time between teaching in the classroom, writing from his office and consulting on Cisco and Windows deployments. He's also the online editor for MCPMag.com, TCPMag.com, CertCities.com, and a contributing author and editor for Sybex and Cisco Press. He hosts a multitude of exam preparation chats monthly on MCPmag.com and CertCities.com.