Does this meet the goal?

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be
routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.
You plan to deploy DirectAccess.
The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be
routed through the corporate network.
You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement
Solution: You set the ISATAP State to state disabled.
Does this meet the goal?

A.
Yes

B.
No

Explanation:
With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and spin them down into IPv4 packets, so you can simply
leave your internal network all IPv4. So back in the beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is
recommended not to use ISATAP at all, unless you have a specific reason for needing it

Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.
IS ISATAP REQUIRED FOR DIRECTACCESS?



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Corey

Corey

Answer is Wrong, Correct Answer is B

Information taken from previous dump
http://www.aiotestking.com/microsoft/does-this-meet-the-goal-3/

The security policy states that when remote client computers are connected via the Direct Access Tunnel (to the corporate network)they must access the Internet as well, through the corporate network.

Split-Tunneling (which is enabled by default on Direct Access) configures the setup so that client computers connect to their corporate network through Direct Access, but if they wish to access the internet, they use their local internet connection to do so.

Force-Tunneling configures the setup so that clients access their corporate network data though the DA connection AND they access the internet through it too (basically using the corporate internet connection by proxy through the DA Tunnel).

Disabling ISATAP would not do this, as far as I know.

Another version of this question has the option “Enable Force Tunneling.” That is the correct answer for that.

Harby

Harby

I agree with Corey