Which two actions should you perform?

Your network contains an Active Directory domain named contoso.com. The domain contains three
servers. The servers are configured as shown in the following table.

You need to ensure that end-to-end encryption is used between clients and Server2 when the clients
connect to the network by using DirectAccess.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)

A.
From the Remote Access Management Console, reload the configuration.

B.
Add Server2 to a security group in Active Directory.

C.
Restart the IPSec Policy Agent service on Server2.

D.
From the Remote Access Management Console, modify the Infrastructure Servers settings.

E.
From the Remote Access Management Console, modify the Application Servers settings.

Explanation:
Unsure about these answers:
A public key infrastructure must be deployed.
Windows Firewall must be enabled on all profiles.
ISATAP in the corporate network is not supported. If you are using ISATAP, you should remove it and
use native IPv6.
Computers that are running the following operating systems are supported as DirectAccess clients:
Windows Server® 2012 R2
Windows 8.1 Enterprise
Windows Server® 2012
Windows 8 Enterprise
Windows Server® 2008 R2
Windows 7 Ultimate
Windows 7 Enterprise
Force tunnel configuration is not supported with KerbProxy authentication.
Changing policies by using a feature other than the DirectAccess management console or Windows
PowerShell cmdlets is not supported.
Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.