50 Cards in this Set

  • Front
  • Back
is a set of permissions or restrictions that are used by remote access authenticating servers that determine who, when, and how a client can connect to a network
NPS policy
A policy that establishes sets of conditions and settings that specify which RADIUS servers perform the authentication, authorization, and accounting of RADIUS messages (connection requests) received by the NPS server from its RADIUS clients; it can also be used to designate which RADIUS servers are used for authentication and accounting.
Connection Request Policy
A policy that establishes sets of conditions, constraints, and settings that specify who is authorized to connect to the network and the circumstances under which they can or cannot connect.
Network Policies
A policy that establishes one or more system health validators and other settings that enable you to define client computer configuration requirements for the Network Access Protection (NAP)-capable computers that attempt to connect to your network.
Health Policies
These policies are applied to NPS as a RADIUS server or RADIUS proxy.
Connection Request Policies

Based on:
• Time of the day and week
• The realm name (user condition)
• The type of connection requested
• The IP address of the RADIUS client
When you create connection request policies, what parameters do you define?
• Type of network access server, such as RAS (VPN)
• Condition that specifies who or what can connect to the network based on one or more RADIUS attributes
• Settings that are applied to an incoming RADIUS message, such as authentication, accounting, and attribute manipulation.
These are processed or forwarded by NPS only if the settings of the incoming message match at least one of the connection request policies configured on the NPS server (RADIUS server)
RADIUS Access-Request messages
These conditions are one or more RADIUS attributes that are compared to the attributes of the incoming RADIUS Access-Request message
Connection request policy of the RADIUS server
CONDITIONS USED IN CONNECTION REQUEST POLICIES.
1. Username (Group) / Username (Attribute): Designates the user name (realm/domain name) that is used by the access client.

2. Connection Properties (Group) / Access Client IPv4 Address (Attribute): Address of the access client that requests access from the RADIUS client.

3. Day & Time Restriction (Group) / Day & Time Restriction (Attribute)

4. Identity Type (Group) / Identity Type (Attribute): Used to restrict policy to only clients that can be identified through NAP, and give a statement of health (SOH)

5. RADIUS Client Properties (Group) / Calling Station ID (Attribute): Designates the phone number used by the caller

etc.
An NPS policy evaluates remote connections based on what 3 components?
1. Conditions
2. Constraints
3. Settings
These allow you to control which packets are allowed through a network connection based on IP address.
IP Filters
What are the six NPS templates that are available in Template Management?
1. RADIUS Clients
2. Remote RADIUS Server Group
3. Remediation Servers
4. IP Filters
5. Shared Secrets
6. Health Policies
This encryption is used with a 40-bit key
Basic Encryption (MPPE 40-bit)
This encryption is used with a 56-bit key
Strong Encryption (MPPE 56-bit)
This encryption is used with a 128-bit key
Strongest Encryption (MPPE 128-bit)
To stop an NPS server from acting as a RADIUS server (performing authentication on its own)?
Delete the default connection request policy
To configure a server running NPS to act as a RADIUS proxy and forward connection requests to other RADIUS servers?
1. Configure a Remote RADIUS Server Group
2. Add a new connection request policy that specifies the conditions that must match the RADIUS servers.
What are connection request policies' remote connections based on?
1.Conditions
2.Settings
This condition designates the user name (realm name/domain name) and a user account that is used by the access client in the RADIUS message
User Name attribute
Group: Username
This condition designates the IPv4 address of the access client that requests access from the RADIUS client
Access Client IPv4 Address
Group: Connection Properties
This condition designates the IPv6 address...
Access Client IPv6 Address
Group: Connection Properties
This condition designates the type of framing for incoming packets, such as Point-to-Point Protocol, serial line, etc.
Framed Protocol
Group: Connection Properties
This condition designates the type of service requested
Service Type
Group: Connection Properties
Designates the type of VPN to use
Tunnel Type
Group: Connection Properties
Designates the day of the week and time a connection can be made
Day & Time Restriction
Group: Day & Time Restriction
Used to restrict policy to only clients that can be identified through a special mechanism, such as NAP, and give a statement of health (SOH)
Identity Type
Group: Identity Type
This condition designates the phone number used by the caller (the access client)
Calling Station ID
Group: RADIUS Client Properties
Designates the name of the RADIUS client computer that requests authentication.
Client Friendly Name
Group: RADIUS Client Properties
Specifies the IPv4 or IPv6 address of the RADIUS client that forwarded the connection request to NPS.
Client IPv6 or Client IPv4 Address
Group: RADIUS Client Properties
Specifies the name of the vendor of the RADIUS client that sends connection requests to NPS
Client Vendor
Group: RADIUS Client Properties
Specifies a character string that is the telephone number of the network access server
Called Station ID
Group: Gateway
Specifies a character string that is the name of the NAS
NAS Identifier
Group: Gateway
Designates the IPv4 or IPv6 address for the network access server (RADIUS client)
NAS IPv4 Address
Group: Gateway
NAS Port Type condition specifies the type of media used by the access client, such as analog phone lines, ISDN, VPN connection, IEEE 802.11 wireless, and Ethernet switches
NAS Port Type
is Microsoft's software for controlling network access for computers based on the health of the host
NAP
This enforcement method uses DHCP configuration information to ensure that NAP clients remain in compliance
DHCP Enforcement
Weakest form, because it can be bypassed with static IP addresses or by adding a route to the routing table
This enforcement method has been secured by specially configured PKI certificates known as health certificates, which are issued to clients that meet the defined health standards.
IPSEC ENFORCEMENT
This enforcement method restricts the level of network access that a remote access client can obtain based on the health information that client computer presents when the VPN connection is made
VPN ENFORCEMENT
This enforcement method has aware network access points, such as network switches or wireless access points (deals with a supplicant, authenticator, and authentication server)
802.1x ENFORCEMENT
This enforcement method allows authorized remote users to connect to resources from any Internet connecting device
RD GATEWAY ENFORCEMENT
What 3 things must be configured on the client to execute NAP correctly?
1. NAP Agent Service
2. Enforcement group policy
3. Security Center
What must be configured on the DHCP server that is going to be used with NAP?
Install the NPS server and configure a connection request policy to the remote RADIUS group

Enable NAP on all scopes
How do you configure NAP enforcement for VPN?
1. Install NPS on the VPN server
2. Configure the VPN server and have it use PEAP-based authentication (MS-CHAP or PEAP-TLS)
3. Configure the SHV, Health Policy, and Network Policy by running the NAP wizard; define the computer or user groups, shared secret, RADIUS client (VPN server), remediation servers, and the non-NAP-capable computers.
4. Enable the DHCP Quarantine Enforcement Client in Group Policy, and enable the NAP service and Security Center for the NAP-capable clients
What do remediation servers typically consist of?
1. DHCP server
2. AD RODC/DNS server
3. WSUS/AV server

OPTIONAL:

4. Internet proxy servers so noncompliant clients can access the Internet
5. HRA to issue health certificates
To verify a client is running the NAP agent service?
cmd: netsh nap client show state
What is the strongest enforcement type?
IPSEC ENFORCEMENT
What is Windows' built-in SHA?
Windows Security Center
What defines the requirements for client computers to connect to a network that is connected?
SHV (System Health Validator)
Which server is used as the health policy server?
NPS
Requirements for HRA automatic discovery?
1. Client computers must be running Vista SP1 or XP SP3
2. HRA server must be configured with an SSL certificate
3. Enable discovery registry key must be on NAP client computers
4. DNS SRV records must be configured
5. Trusted server group configuration in Group Policy must be cleared