Pop Quiz: Windows Server 2012: Deploying NAP 802.1X
Applies to the "Configure a Network Policy Server Infrastructure" objective of Exam 70-417.
Q: A company's administrator needs to deploy all necessary services to support the NAP policy enforcement method 802.1X.
Which of the following services are required for NAP 802.1X enforcement? (Choose all that apply.)
- AD DS
- AD CS
Answer and explanation are below.
Answers are B and C: The Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS) are required services for the NAP enforcement method 802.1X.
Quick Tip: A NAP health policy server requires connectivity to a domain controller to perform PEAP (Protected Extensible Authentication Protocol)-based computer authentication requests. The NAP health policy server also requires a computer certificate to perform the PEAP authentication. After a certificate is acquired, a connection to the certificate server is not required as long as the certificate is valid. However, the AD CS server could continue to be used to issue client computer certificates.
Bonus Question: What methods are available to cleanup Active Directory metadata? (The answer, of course, will be revealed next time!)
Answer to bonus question from last time: Windows Server 2012 Network Access Protection (NAP enforcement methods include 802.1X port-based wired and wireless network access control, Dynamic Host Configuration Protocol (DHCP) Internet Protocol version 4 (IPv4) address lease and renewal, Internet Protocol security (IPsec) policies for Windows Firewall on client computers, Remote Desktop Gateway connections by using Remote Desktop Services, and Virtual private networks (VPN) with Routing and Remote Access..
Andy Barkl, MCT/MCITP/MCSA, A+, Network+, Security+, CCNA has been studying technology for 30 years. Of the last 15 years, he has spent much of his time parting the knowledge and experience he has gained through IT exams, over 300, to help others be prepared and successful. He teaches classes in Phoenix, Ariz. where he has lived most of his life. He can be reached by e-mail at firstname.lastname@example.org.