A company wants to prevent employees who access the company’s Remote Desktop Session Hosts
(RD Session Hosts) from introducing malware onto the corporate network. You have the following
requirements:
• Ensure that only client computers that have an up-to-date antivirus program installed can
connect to the RD Session Hosts.
• Display a notification when a client computer that does not meet the antivirus requirements
attempts to connect to an RD Session Host. Provide information about how to resolve the
connection problem.
• Ensure that client computers can access only the RD Session Hosts.
You need to recommend a Remote Desktop Services (RDS) management strategy that meets the
requirements. What should you recommend? (More than one answer choice may achieve the goal.
Select the BEST answer.)
A.
Deploy a Remote Desktop Gateway in a perimeter network. Install and configure a Network Policy
and Access Services server. Configure the System Health Validator. Enable the Remote Desktop
Gateway Network Access Protection Enforcement Client. Configure Remote Desktop Connection
Authorization Policies and Remote Desktop Resource Authorization Polices.
B.
Deploy the Routing and Remote Access Service in a perimeter network to support VPN
connections. Install and configure a Network Policy and Access Services server. Enable the Network
Access Protection VPN Enforcement Client. Configure the System Health Validator. Configure static
routes on the VPN server to allow access only to the RD Session Hosts.
C.
Deploy a Remote Desktop Gateway in a perimeter network. Configure Remote Desktop
Connection Authorization Policies and Remote Desktop Resource Authorization Polices. Configure a
logon message.
D.
Deploy the Routing and Remote Access Service in a perimeter network to support VPN
connections. Configure Connection Request Policies to specify which computers can connect to the
corporate network. Configure static routes on the VPN server to allow access only to the RD Session
Hosts.
Explanation:
NAP with SHVs configured will ensure that the AV is installed and up to date. if they ar not you can
direct them to a quatantine/remediation server to update
http ://www.techrepublic.com/article/solutionbase-configuring-network-access-protection-forwindows-server-2008/178022
RD RAP
Remote Desktop resource authorization policies (RD RAPs) allow you to specify the internal network
resources (computers) that remote users can connect to through an RD Gateway server.
http ://technet.microsoft.com/en-us/library/cc730630
RD CAP
Remote Desktop connection authorization policies (RD CAPs) allow you to specify who can connect
to an RD
Gateway server
http ://technet.microsoft.com/en-us/library/cc731544