PrepAway - Latest Free Exam Questions & Answers

Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.


You plan to deploy DirectAccess.

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.

Solution: You set the ISATAP State to state disabled.

Does this meet the goal?

A. Yes

B. No

Explanation:

With NAT64 and DNS64, the DirectAccess server now has the ability to take those client IPv6 packets and spin them down into IPv4 packets, so you can simply leave your internal network all IPv4. So back in the beginning it was standard practice to enable ISATAP globally. Today, because of the known issues, it is recommended not to use ISATAP at all, unless you have a specific reason for needing it.

Note: ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.



Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.


You plan to deploy DirectAccess.

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.

Solution: You enable split tunneling.

Does this meet the goal?

A. Yes

B. No

Explanation:

DirectAccess by default enables split tunneling. All traffic destined to the corpnet is sent over the DA IPsec tunnels, and all traffic destined for the Internet is sent directly to the Internet over the local interface. This prevents DA clients from bringing the corporate Internet connection to its knees.

Is DA split tunneling really a problem? The answer is no.

Why? Because the risk that exists with VPNs, where the machine can act as a router between the Internet and the corporate network, is not valid with DirectAccess. IPsec rules on the UAG server require that traffic be from an authenticated source, and all traffic between the DA client and server is protected with IPsec.

Thus, in the scenario where the DA client might be configured as a router, the source of the traffic isn't going to be the DA client, and authentication will fail – hence preventing the type of routing that VPN admins are concerned about.



Your network contains an Active Directory domain named contoso.com. The domain contains multiple sites.


You plan to deploy DirectAccess.

The network security policy states that when client computers connect to the corporate network from the Internet, all of the traffic destined for the Internet must be routed through the corporate network.

You need to recommend a solution for the planned DirectAccess deployment that meets the security policy requirement.

Solution: You enable force tunneling.

Does this meet the goal?

A. Yes

B. No

Explanation:

DirectAccess allows connectivity to organizational network resources without the need for traditional virtual private network (VPN) connections.

DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet. DirectAccess establishes bi-directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.

