Home » Microsoft » 70-647 » What should you recommend?
Your network consists of one Active Directory domain.
Your company uses a firewall to connect to the Internet. Inbound TCP/IP port 443 is allowed on the firewall.
You have terminal servers on the internal network. You have one server on the internal network that has Terminal Services Gateway (TS Gateway) deployed. All servers run Windows Server 2008.
You need to recommend a solution that enables remote users to access network resources by using TS Gateway.
What should you recommend?
A. Change the firewall rules to permit traffic through port 3389 from the Internet.
B. Install the Terminal Services server role with the Terminal Services Web Access (TS Web Access) services role.
C. Install the Terminal Services server role with the Terminal Services Session Broker (TS Session Broker) services role.
D. Create a Terminal Services connection authorization policy (TS CAP) and a Terminal Services resource authorization policy (TS RAP).
Correct Answer: D
Explanation/Reference:
Explanation:
To implement a solution that enables remote users to access network resources by using TS Gateway, you need to create a Terminal Services connection authorization policy (TS CAP) and a Terminal Services resource authorization policy (TS RAP). TS CAPs allow you to specify who can connect to a TS Gateway server. Users are granted access to a TS Gateway server if they meet the conditions specified in the TS CAP. You must also create a Terminal Services resource authorization policy (TS RAP). A TS RAP allows you to specify the internal network resources that users can connect to through TS Gateway. Until you create both a TS CAP and a TS RAP, users cannot connect to internal network resources through this TS Gateway server.
Reference: Terminal Services Gateway (TS Gateway) / Why are TS CAPs important?
http://technet2.microsoft.com/windowsserver2008/en/library/9da3742f-699d-4476-b050- c50aa14aaf081033.mspx?mfr=true