You need to ensure that you collect inventory data from the remote computers

Your network contains a System Center 2012 Configuration Manager environment that contains six
servers configured as shown in the following table:

Server5 and Server6 are in the perimeter network, while Server1, Server2, Server3, and Server4 are
in the internal network.

A corporate security policy states that remote computers are forbidden to communicate directly
with servers on the internal network.
You need to ensure that you collect inventory data from the remote computers.
What should you do?

A.
Install Windows Server Update Services (WSUS) on Server3.

B.
Configure the Exchange connector on Server3.

C.
Install a management point on Server2.

D.
Install a PXE-enabled protected distribution point on Server6.

E.
Install a software update point on Server3.

F.
Install Network Load Balancing (NLB) on Server6.

G.
Install an enrollment proxy point on Server6.

H.
Install the Windows Cluster service on Server3.

I.
Install a protected distribution point on Server1.

J.
Configure IIS to support only HTTPS on Server3.
K.
Install a management point on Server5.
L.
Install the Windows Cluster service on Server6.
M.
Configure IIS to support only HTTP on Server5.
N.
Install Network Load Balancing (NLB) on Server3.
O.
Install a PXE-enabled protected distribution point on Server4.

Explanation:
http://technet.microsoft.com/en-us/library/gg712701.aspx
Planning for Communications in Configuration Manager
Planning for Communications Across Forests in Configuration Manager
When your Configuration Manager design spans multiple Active Directory domains and forests, use
the additional information in the following table to help you plan for the following types of
communication:
..
Communication in a site that spans forests: Does not require a two-way forest trust.
To support clients primary sites support the installation of each site system role on computers in
other forests.
Note: Two exceptions are the out of band service point and the Application Catalog web service
point. Each must be installed in the same forest as the site server.
When the site system role accepts connections from the Internet, as a security best practice, install
these site system roles in an untrusted forest (for example, in a perimeter network) so that the
forest boundary provides protection for the site server.
When you specify a computer to be a site system server, you must specify the Site System
Installation Account. This account must have local administrative credentials to connect to, and then
install site system roles on the specified computer.
When you install a site system role in an untrusted forest, you must select the site system option
Require the site server to initiate connections to this site system. This configuration enables the site
server to establish connections to the site system server to transfer data. This prevents the site
system server that is in the untrusted location from initiating contact with the site server that is
inside your trusted network. These connections use the Site System Installation Account that you
use to install the site system server. The management point and enrollment point site system roles
connect to the site database. By default, when these site system roles are installed, Configuration
Manager configures the computer account of the new site system server as the connection account
and adds the account to the appropriate SQL Server database role. When you install these site
system roles in an untrusted domain, you must configure the site system role connection account to
enable the site system role to obtain information from the database.
If you configure a domain user account for these connection accounts, ensure that the account has
appropriate access to the SQL Server database at that site:
* Management point: Management Point Database Connection Account
* Enrollment point: Enrollment Point Connection Account
Consider the following additional information when you plan for site system roles in other forests:
* If you run a Windows Firewall, configure the applicable firewall profiles to pass communications
between the site database server and computers that are installed with remote site system roles.
* When the Internet-based management point trusts the forest that contains the user accounts, user
policies are supported. When no trust exists, only computer policies are supported.
Further information:
The Management Point will collect all Client data and forward it to the Primary Site Server.