Your network contains an Active Directory domain named contoso.com. The domain
contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate
network from the Internet, all of the traffic destined for the Internet must be routed through
the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the
security policy requirement
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?
A.
Yes
B.
No
Given answer is correct! B. No
The security policy states that when remote client computers are connected via the Direct Access Tunnel (to the corporate network)they must access the Internet as well, through the corporate network.
Split-Tunneling (which is enabled by default on Direct Access) configures the setup so that client computers connect to their corporate network through Direct Access, but if they wish to access the internet, they use their local internet connection to do so.
Force-Tunneling configures the setup so that clients access their corporate network data though the DA connection AND they access the internet through it too (basically using the corporate internet connection by proxy through the DA Tunnel).
Disabling ISATAP would not do this, as far as I know.
Another version of this question has the option “Enable Force Tunneling.” That is the correct answer for that.