Home » Microsoft » 70-647 » What should you recommend?
Your network consists of one Active Directory domain
Your company uses a firewall to connect to the Internet. Inbound TCP/IP port 443 is allowed on the firewall.
You have Remote Desktop Services servers on the internal network. You have one server on the internal network that has Remote Desktop Gateway (RD Gateway) deployed. Al servers run Windows Server 2008 R2.
You need to recommend a solution that enables remote users to access network resources by using RD Gateway.
What should you recommend?
A. Change the firewall rules to permit traffic through port 3389 from the Internet.
B. Install the Remote Desktop Services server role with the Remote Desktop Web Access (RD Web Access) services role.
C. Install the Remote Desktop Services server role with the Remote Desktop Connection Broker (RD Connection Broker) services role.
D. Create a Remote Desktop connection authorization policy (RD CAP) and a Remote Desktop resource authorization policy (RD RAP).
Correct Answer: D
Explanation/Reference:
CAP & RAP
RD CAPs allow you to specify who can connect to an RD Gateway server. You can specify a user group that exists on the local RD Gateway server or in Active Directory Domain Services. You can also specify other conditions that users must meet to access an RD Gateway server. You can list specific conditions in each RD CAP. For example, you might require a group of users to use a smart card to connect through RD Gateway.
RD RAPs allow you to specify the internal network resources that remote users can connect to through an RD Gateway server. When you create an RD RAP, you can create a computer group (a list of computers on the internal network to which you want the remote users to connect) and associate it with the RD RAP.
Remote users connecting to an internal network through an RD Gateway server are granted access to computers on the network if they meet the conditions specified in at least one RD CAP and one RD RAP.