Your network consists of a single Active Directory domain. All domain controllers run Windows
Server 2008 R2. There are five servers that run Windows Server 2003 SP2. The Windows Server 2003
SP2 servers have the Terminal Server component installed. A firewall server runs Microsoft Internet
Security and Acceleration (ISA) Server 2006. All client computers run Windows 7. You plan to give
remote users access to the Remote Desktop Services servers. You need to create a remote access
strategy for the Remote Desktop Services servers that meets the following requirements:
• Minimizes the number of open ports on the firewall server
• Encrypts all remote connections to the Remote Desktop Services servers
• Prevents network access to client computers that have Windows Firewall disabled
What should you do?
A.
Implement port forwarding on the ISA Server. Implement Network Access Quarantine Control on
the ISA Server.
B.
Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server
2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and implement
Network Access Protection (NAP).
C.
Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server
2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a
Remote Desktop connection authorization policy (RD?CAP).
D.
Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server
2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a
Remote Desktop resource authorization policy (RD RAP).
Explanation:
Terminal Services Gateway
TS Gateway allows Internet clients secure, encrypted access to Terminal Servers behind your
organization’s firewall without having to deploy a Virtual Private Network (VPN) solution. This means
that you can have users interacting with their corporate desktop or applications from the comfort of
their homes without the problems that occur when VPNs are configured to run over multiple
Network Address Translation (NAT) gateways and the firewalls of multiple vendors.
TS Gateway works using RDP over Secure Hypertext Transfer Protocol (HTTPS), which is the same
protocol used by Microsoft Office Outlook 2007 to access corporate Exchange Server 2007 Client
Access Servers over the Internet. TS Gateway Servers can be configured with connection
authorization policies and resource authorization policies as a way of differentiating access to
Terminal Servers and network resources.
Connection authorization policies allow access based on a set of conditions specified by the
administrator; resource authorization policies grant access to specific Terminal Server resources
based on user account properties.
Network Access Protection
You deploy Network Access Protection on your network as a method of ensuring that computers
accessing important resources meet certain client health benchmarks. These benchmarks include
(but are not limited to) having the most recent updates applied, having antivirus and anti-spyware
software up to date, and having important security technologies such as Windows Firewall
configured and functional. In this lesson, you will learn how to plan and deploy an appropriate
network access protection infrastructure and enforcement method for your organization.