Which of the following options would you choose to accomplish the desired task?

You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008 and all client computers run Windows Vista.
The network contains five Windows Server 2008 servers that have the Terminal Server component installed.
You have been assigned the task to create a remote access strategy for the terminal server users and ensure that the remote users can access only specific resources on the internal network. You also need to ensure that all remote connections to the terminal servers are encrypted.
Which of the following options would you choose to accomplish the desired task? (Select Two. Each correct answer will present a part of the answer.)

You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008 and all client computers run Windows Vista.
The network contains five Windows Server 2008 servers that have the Terminal Server component installed.
You have been assigned the task to create a remote access strategy for the terminal server users and ensure that the remote users can access only specific resources on the internal network. You also need to ensure that all remote connections to the terminal servers are encrypted.
Which of the following options would you choose to accomplish the desired task? (Select Two. Each correct answer will present a part of the answer.)

A.
Configure the Terminal Services Gateway (TS Gateway) role and a Terminal Services resource authorization policy (TS RAP) on the server.

B.
Require authentication on all inbound connections to the Server.

C.
Upgrade a Windows Server 2003 server to Windows Server 2008.

D.
Configure the Terminal Services Gateway (TS Gateway) role and a Terminal Services connection authorization policy (TS CAP) on the server.

E.
Configure TS Gateway server to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate

Explanation:

To create a remote access strategy for the terminal server users and ensure that the remote users can access only specific resources on the internal network, you need to configure the Terminal Services Gateway (TS Gateway) role and a Terminal Services resource authorization policy (TS RAP) on the server. You also need to configure TS Gateway server to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate.
TS Gateway allows the connection to internal Terminal servers and RDP-enabled machines from the outside. For remote clients to successfully connect to internal network resources (computers) through a Terminal Services Gateway (TS Gateway) server, the TS Gateway server must be configured correctly. The TS Gateway server must be configured to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate, and authorization policy settings must be configured correctly. Terminal Services resource authorization policies (TS RAPs) specify the internal network resources that clients can connect to through a TS Gateway server.
TS Gateway enables the external vendors to connect to it via SSL, pass a certain authentication process and policy evaluation, and only if allowed, it passes the RDP traffic to specified internal machines.
These machines return the required data, and the TS Gateway then encrypts the data with SSL and passes it back to the remote user. The benefits in this scenario include the ability to use SSL-based encryption.
http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-Services-Gateway-Part2.html



Leave a Reply 0

Your email address will not be published. Required fields are marked *