Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when clientcomputers connect to the corporate network from the
Internet, all of the traffic destined for the Internet must be routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy
requirement.
What should you include in the recommendation?
A.
Set the ISATAP State to state enabled.
B.
Enable split tunneling.
C.
Set the ISATAP State to state disabled.
D.
Enable force tunneling.
Explanation:
http://blogs.technet.com/b/csstwplatform/archive/2009/12/15/directaccess-how-to-configure-force- tunneling-
forda-so-that-client-are-forced-to-use-ip-https.aspx
You can configure DirectAccess clients to send all of their traffic through the tunnels to the DirectAccess server
with force tunneling. When force tunneling is configured, DirectAccess clients that detect that they are on the
Internet modify their IPv4 default route so that default route IPv4 traffic is not sent. With the exception of local
subnet traffic, all traffic sent by the DirectAccess client is IPv6 traffic that goes through tunnels to the
DirectAccess server.