Before deploying NAP, what must be installed?

For Network Access Protection (NAP) to work effectively, one of the primary components that must be installed is the Network Policy Server (NPS). NPS plays a critical role in the NAP architecture as it is responsible for enforcing health policies and determining the level of network access granted to client devices based on their compliance with these policies.

NPS acts as a RADIUS server and can authenticate and authorize connection requests from clients. It is essential for the correct functioning of NAP because it evaluates the health status of the client machines, such as whether they have up-to-date antivirus software or security updates. Once it assesses the client's health, NPS can enforce specific network access policies, deciding whether the client is granted full access, limited access, or no access to network resources.

The other options, while related to network and system components, do not serve the primary function required for NAP implementation. For instance, Internet Information Server (IIS) is primarily used for hosting web applications, Active Directory Federation Services is used for identity federation and single sign-on, and Windows Update Service handles software updates. None of these services are specifically designed to support the direct enforcement of network access policies in the way that NPS does. Thus, having NPS installed is