Your network consists of one Active Directory domain. Your company uses a firewall to connect to
the Internet. Inbound TCP/IP port 443 is allowed on the firewall. You have terminal servers on the
internal network. You have one server on the internal network that has Terminal Services Gateway
(TS Gateway) deployed. All servers run Windows Server 2008. You need to recommend a solution
that enables remote users to access network resources by using TS Gateway. What should you
recommend?

A.
Change the firewall rules to permit traffic through port 3389 from the Internet.

B.
Install the Terminal Services server role with the Terminal Services Web Access (TS Web Access)
services role.

C.
Install the Terminal Services server role with the Terminal Services Session Broker (TS Session
Broker) services role.

D.
Create a Terminal Services connection authorization policy (TS CAP) and a Terminal Services
resource authorization policy (TS RAP).

Explanation:

To implement a solution that enables remote users to access network resources by using TS
Gateway, you need to create a Terminal Services connection authorization policy (TS CAP) and a
Terminal Services resource authorization policy (TS RAP). TS CAPs allow you to specify who can
connect to a TS Gateway server. Users are granted access to a TS Gateway server if they meet the
conditions specified in the TS CAP. You must also create a Terminal Services resource authorization
policy (TS RAP). A TS RAP allows you to specify the internal network resources that users can connect
to through TS Gateway. Until you create both a TS CAP and a TS RAP, users cannot connect to
internal network resources through this TS Gateway server.
Terminal Services Gateway (TS Gateway) / Why are TS CAPs important?
http://technet2.microsoft.com/windowsserver2008/en/library/9da3742f-699d-4476-b050-
c50aa14aaf081033.mspx?mfr=true