Your company has a main office.
The network contains an Active Directory domain named contoso.com. The main office
contains a server named Server1 that runs Windows Server 2012. Server1 has the Remote
Access server role installed and is configured to accept incoming SSTP-based VPN
connections.
All client computers run Windows 7.
The company plans to open a temporary office that will contain a server named Server2 that
runs
Windows Server 2012 and has the DHCP Server server role installed. The office will also
have 50 client computers and an Internet connection.
You need to recommend a solution to provide the users in the temporary office with access
to the resources in the main office.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A.
Use the Connection Manager Administration Kit (CMAK) to create a connection package
that specifies Server1 as the target for SSTP-based VPN connections. Manually distribute
the CMAK package to each client computer in the temporary office.
B.
Install the Remote Access server role on Server2. From Routing and Remote Access on
Server2, add a SSTP-based VPN port. From DHCP on Server2, configure the default
gateway server option.
C.
Uses the Connection Manager Administration Kit (CMAK) to create a connection package
that specifies Server1 as the target for SSTP-based VPN connections. Use a Group Policy
object
(GPO) to distribute the CMAK package to each client computer in the temporary office.
D.
Install the Remote Access server role on Server2. From Routing and Remote Access on
Server2, configure a demand-dial interface. From DHCP on Server2, configure the default
gateway server option.
Explanation:
See link for an article on both Routing and Remote Access server role and the DHCP default
gateway option.
http://blogs.technet.com/b/rrasblog/archive/2009/03/25/remote-access-deployment-part-2-
configuringrras-asa-vpn-server.aspx
With all respect I think that “B” is wrong answer. You do not need to install RRAS on branch office server for adding VPN Port. This should be done by Network and Sharing center – Set up a new connection or network -> Connect to a workspace -> Using my Internet connection (VPN) … and select “Allow other people to use this connection” checkbox. Installing VPN client to every workstation seems to much administrative efforts, so “D” is my favorite for right answer.
The server1 accepts incoming SSTP connections. Temporary solution means no change is acceptable at the main site. This is why the answer should be B. The demand-dial interface cannot connect to server1 using SSTP(answer D).
Answers A and C seems to be good but creates administrative burden. Option B is seamless to users.
Agreed, B: is the right choice.
Agree with Emo
see Q 2 here
http://blogs.technet.com/b/rrasblog/archive/2007/01/10/sstp-faq-part-1-generic.aspx
Although D requires installing RRAS so not sure about Emo explanation which is for a point to site VPN on each client
The right answer is C
Connection Manager Administration Kit
http://www.pluralsight.com/training/player?author=tim-warner&name=windows-server-2012-70-413-network-access-services-m1&mode=live&clip=10&course=windows-server-2012-70-413-network-access-services
In that case my answer is A.
Server1 [in the main office] already has Remote Access installed and is fully configured to accept the incoming SSTP-based VPN connections. Need to provide users with access to the resources [file servers] in the MAIN! office [not in the temporary office where only Server2 is, temporary office does not seem to have any file servers not even RODC, why establish a connectivity to it?]. Temporary office is like home. All you have is a DHCP given IP address and the Internet connection.
So, I would create a CMAK package and publish it on the company’s website.
Can’t use the GPO to distribute it, because the client computers/laptops are not connected to any DC/domain/main office yet. Or put the CMAC package on a USB stick and execute it on every computer in the temporary office.
My answer is A.
SSTP can’t be used for Site-to-Site…
Cannot distribute via GP…
Demand-Dial is just wrong, as Server 1 is configured for SSTP…
Therefore : Answer A
Site-to-Site connections cannot use SSTP. So B and D can be crossed off.
In all likelihood they are asking about CMAK, since CMAK is used for simplifying the deployment of VPN client-connection setup. With CMAK we create the VPN profile in executable file format, and then distribute it to the clients.
The client users then simply double-click the executable in order to connect.
So we have two options left.. A and C…
Since C utilizes Group policy, we can cross it off our list of possible answers too because the remote clients aren’t connected to the domain yet, or don’t have a connection to a domain controller even if they are, so the GPO settings can’t be sent to the machines.
The only answer left is A… it meets the criteria, its pretty darn simple to do, and it utilizes a MS utility that they probably intend to highlight with a question like this (CMAK).
Agree with ‘puck’ about A and C. It’s a little bit tricky one, to determine whether they have joined domain.
All we have: ‘The office will also have 50 client computers and an Internet connection.’. It seems they have no connection with main office, therefore haven’t joined domain. In this case I think A is a correct one.
I saw James Conrad from CBT nuggets configuring it. So I go for D.
RJB