Your network consists of a single Active Directory domain. All domain controllers run Windows
Server 2008 R2. There are five Windows Server 2003 SP2 servers that have the Terminal Server
component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server
2006. You plan to give remote users access to the Remote Desktop Services servers. You need to
create a remote access strategy for the Remote Desktop Services servers that meets the following
requirements:
· Restricts access to specific Remote Desktop Services servers
· Encrypts all connections to the Remote Desktop Services servers
· Minimizes the number of open ports on the firewall server
What should you do?

A. Implement SSL bridging on the ISA Server. Require authentication on all inbound connections to
the ISA Server.
B. Implement port forwarding on the ISA Server. Require authentication on all inbound connections
to the ISA Server.
C. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server
2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a
Remote Desktop resource authorization policy (RD RAP).
D. Upgrade a Windows Server 2003 SP2 server to Windows Server 2008 R2. On the Windows Server
2008 R2 server, implement the Remote Desktop Gateway (RD Gateway) role service, and configure a
Remote Desktop connection authorization policy (RD CAP).
Explanation:
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:
Terminal Services Gateway
TS Gateway allows Internet clients secure, encrypted access to Terminal
Servers behind your organization’s firewall without having to deploy a Virtual Private Network (VPN)
solution. This means that you can have users interacting with their corporate desktop or applications
from the comfort of their homes without the problems that occur when VPNs are configured to run
over multiple Network Address Translation (NAT) gateways and the firewalls of multiple vendors.
TS Gateway works using RDP over Secure Hypertext Transfer Protocol (HTTPS), which is the same
protocol used by Microsoft Office Outlook 2007 to access corporate Exchange Server 2007 Client
Access Servers over the Internet. TS Gateway Servers can be configured with connection
authorization policies and resource authorization policies as a way of differentiating access to
Terminal Servers and network resources.
Connection authorization policies allow access based on a set of conditions specified by the
administrator; resource authorization policies grant access to specific Terminal Server resources
based on user account properties.
Resource Authorization Policies
Terminal Services resource authorization policies (TS-RAPs) are used to determine the specific
resources on an organization’s network that an incoming TS Gateway client can connect to. When
you create a TS-RAP you specify a group of computers that you want to grant access to and the
group of users that you will allow this access to. For example, you could create a group of computers
called AccountsComputers that will be accessible to members of the Accountants user group. To be
granted access to internal resources, a remote user must meet the conditions of at least one TS-CAP
and at least one TS-RAP.
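
The two-policy check described above, as an added example that is not part of the original page or the Training Kit: a simplified Python model in which a CAP matches on user group only and a RAP ties user groups to a group of computers. The policy names, host names and the authorize function are hypothetical, and real CAPs can carry further conditions that are not modelled here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cap:
    """Connection authorization policy: who may connect to the gateway."""
    name: str
    user_groups: frozenset


@dataclass(frozen=True)
class Rap:
    """Resource authorization policy: which computers a user group may reach."""
    name: str
    user_groups: frozenset
    computers: frozenset


def authorize(user_groups, target, caps, raps):
    """Return (allowed, reason). At least one CAP and one RAP must match."""
    groups = set(user_groups)
    # Stage 1: the user must satisfy at least one CAP to use the gateway at all.
    if not any(groups & cap.user_groups for cap in caps):
        return False, "no matching CAP"
    # Stage 2: a RAP must list both the user's group and the requested computer.
    for rap in raps:
        if groups & rap.user_groups and target.lower() in rap.computers:
            return True, f"CAP ok, RAP {rap.name}"
    return False, "no matching RAP for target"


# Constructed sample policies (hypothetical names, not taken from a real gateway).
ACCOUNTS_COMPUTERS = frozenset({"acct-ts1", "acct-ts2"})
CAPS = [Cap("RemoteStaff", frozenset({"Accountants", "Engineers"}))]
RAPS = [Rap("AccountsRAP", frozenset({"Accountants"}), ACCOUNTS_COMPUTERS)]

if __name__ == "__main__":
    requests = [
        (["Accountants"], "acct-ts1"),  # CAP and RAP both match
        (["Accountants"], "hr-ts1"),    # server is outside the RAP's computer group
        (["Engineers"], "acct-ts1"),    # CAP matches, but no RAP covers this group
        (["Guests"], "acct-ts1"),       # rejected at the gateway: no CAP
    ]
    for groups, target in requests:
        print(groups, target, authorize(groups, target, CAPS, RAPS))
```

In this model the CAP alone never limits which servers are reachable; only the RAP's computer group does.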