Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that has the Remote Access server role installed.
DirectAccess is implemented on Server1 by using the default configuration.
You discover that DirectAccess clients do not use DirectAccess when accessing websites on
the Internet.
You need to ensure that DirectAccess clients access all Internet websites by using their
DirectAccess connection.
What should you do?
A. Configure a DNS suffix search list on the DirectAccess clients.
B. Configure DirectAccess to enable force tunneling.
C. Disable the DirectAccess Passive Mode policy setting in the DirectAccess Client Settings Group Policy object (GPO).
D. Enable the Route all traffic through the internal network policy setting in the DirectAccess Server Settings Group Policy object (GPO).
Explanation:
With IPv6 and the Name Resolution Policy Table (NRPT), by default, DirectAccess clients
separate their intranet and Internet traffic as follows:
DNS name queries for intranet fully qualified domain names (FQDNs) and all intranet traffic
are exchanged over the tunnels that are created with the DirectAccess server or directly with
intranet servers. Intranet traffic from DirectAccess clients is IPv6 traffic.
DNS name queries for FQDNs that correspond to exemption rules or do not match the
intranet namespace, and all traffic to Internet servers, are exchanged over the physical
interface that is connected to the Internet. Internet traffic from DirectAccess clients is
typically IPv4 traffic.
In contrast, by default, some remote access virtual private network (VPN) implementations,
including the VPN client, send all intranet and Internet traffic over the remote access VPN
connection. Internet-bound traffic is routed by the VPN server to intranet IPv4 web proxy
servers for access to IPv4 Internet resources. It is possible to separate the intranet and
Internet traffic for remote access VPN clients by using split tunneling. This involves
configuring the Internet Protocol (IP) routing table on VPN clients so that traffic to intranet
locations is sent over the VPN connection, and traffic to all other locations is sent by using
the physical interface that is connected to the Internet.
You can configure DirectAccess clients to send all of their traffic through the tunnels to the
DirectAccess server with force tunneling. When force tunneling is configured, DirectAccess
clients detect that they are on the Internet, and they remove their IPv4 default route. With the
exception of local subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that
goes through tunnels to the DirectAccess server.
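The separation rules in the explanation above can be written out as a small decision model. This is an added example, not code from the original page or from Microsoft: it is a simplified model of NRPT matching (the most specific rule wins) and of the route selection described, and the namespaces, the `nls` exemption name, the prefixes and the function names are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class NrptRule:
    namespace: str             # leading dot = suffix rule, otherwise an exact FQDN rule
    dns_server: Optional[str]  # intranet DNS server reached over the tunnel; None = exemption

# Constructed sample table and prefixes (assumptions, not values from the page).
NRPT = [
    NrptRule(".corp.contoso.com", "2001:db8:10::53"),
    NrptRule("nls.corp.contoso.com", None),  # exemption rule
]
INTRANET_V6 = ip_network("2001:db8:10::/48")
LOCAL_SUBNET = ip_network("192.168.1.0/24")

def match_rule(fqdn, rules=NRPT):
    """Return the most specific NRPT rule that matches fqdn, or None."""
    name = fqdn.lower().rstrip(".")
    best = None
    for rule in rules:
        ns = rule.namespace.lower()
        if not ns.startswith("."):
            if name == ns:
                return rule  # an exact FQDN rule beats any suffix rule
        elif name.endswith(ns) and (best is None or len(ns) > len(best.namespace)):
            best = rule      # keep the longest matching suffix
    return best

def dns_path(fqdn, rules=NRPT):
    """Where the DNS query for fqdn is sent."""
    rule = match_rule(fqdn, rules)
    if rule is not None and rule.dns_server is not None:
        return "tunnel"
    return "physical"  # exemption rule or no match: DNS of the Internet-facing interface

def traffic_path(dest, force_tunnel=False):
    """Which path carries a packet to dest in the default and force-tunnel setups."""
    addr = ip_address(dest)
    if addr.version == 4 and addr in LOCAL_SUBNET:
        return "physical"  # local subnet traffic is the stated exception in both modes
    if addr.version == 6 and addr in INTRANET_V6:
        return "tunnel"    # intranet traffic is IPv6 over the tunnels
    if force_tunnel:
        # The IPv4 default route is removed, so only IPv6 leaves the client, via the tunnel.
        return "tunnel" if addr.version == 6 else "no-route"
    return "physical"      # default: Internet traffic bypasses the tunnel
```

The `no-route` result is the security-relevant difference: in the default configuration Internet traffic never passes the corporate inspection point, while under force tunneling it has no path except through the DirectAccess server.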
B
D
Force Tunneling is enabled via Group Policy:
Computer Configuration\Administrative Templates\Network\Network Connections\Route all traffic through the internal network
http://blogs.technet.com/b/tomshinder/archive/2010/03/30/more-on-directaccess-split-tunneling-and-force-tunneling.aspx
It's not enabled by default
I agree with mslover: you use Group Policy to enable Force Tunneling
https://technet.microsoft.com/pt-pt/library/ee649127%28v=ws.10%29.aspx
So D is the correct answer
The links provided above are for Windows Server 2008, not sure if 2012 applies the same.
Answer is B, on Server 2012 forced tunneling is configured by checking a check box.
Configuring force tunneling has changed in Server 2012. https://technet.microsoft.com/en-us/library/jj134204(v=ws.11).aspx#BKMK_forcetunnel