A company wants to prevent employees who access thecompany’s Remote Desktop Session Hosts (RD
Session Hosts) from introducing malware onto the corporate network.
You have the following requirements:
Ensure that only client computers that have an up-to-date antivirus program installed can connect to the RD
Session Hosts.
Display a notification when a client computer that does not meet the antivirus requirements attempts to
connect to an RD Session Host. Provide information about how to resolve the connection problem.
Ensure that client computers can access only the RDSession Hosts.
You need to recommend a Remote Desktop Services (RDS) management strategy that meets the
requirements.
What should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A.
Deploy a Remote Desktop Gateway in a perimeter network. Install and configure a Network Policy and
Access Services server. Configure the System HealthValidator. Enable the Remote Desktop Gateway
Network Access Protection Enforcement Client. Configure Remote Desktop Connection Authorization
Policies and Remote Desktop Resource Authorization Polices.
B.
Deploy the Routing and Remote Access Service in aperimeter network to support VPN connections. Install
and configure a Network Policy and Access Services server. Enable the Network Access Protection VPN
Enforcement Client. Configure the System Health Validator.
Configure static routes on the VPN server to allow access only to the RD Session Hosts.
C.
Deploy a Remote Desktop Gateway in a perimeter network. Configure Remote Desktop Connection
Authorization Policies and Remote Desktop Resource Authorization Polices. Configure a logon message.
D.
Deploy the Routing and Remote Access Service in aperimeter network to support VPN connections.
Configure Connection Request Policies to specify which computers can connect to the corporate network.
Configure static routes on the VPN server to allow access only to the RD Session Hosts.
Explanation:
REMOTE DESKTOP GATEWAY AND NETWORK ACCESS PROTECTION
Remote Desktop Gateway (RD Gateway) is a role service that enables authorized remote users to connect to
resources on an internal corporate or private network, from any Internet-connected device that can runthe
Remote Desktop Connection (RDC) client. The networkresources can be Remote Desktop Session Host (RD
Session Host) servers, RD Session Host servers running RemoteApp programs, or computers with Remote
Desktop enabled.
To enhance security, you can configure RD Gateway servers and clients to use Network Access Protection
(NAP). NAP is a health policy creation, enforcement, and remediation technology that is included in Windows
Server 2008 R2, Windows Server 2008, Windows 7, Windows Vista, and Windows XP Service Pack 3. With
NAP, system administrators can enforce health requirements on Remote Desktop Services clients that connect
to the RD Gateway server, which can include firewalls being enabled, security update requirements, required
computer configurations, and other settings. By using NAP, you can help ensure that Remote Desktop Services
clients meet the health policy requirements of yourorganization before they are allowed to connect to
computers on the corporate network through RD Gateway servers.
http://technet.microsoft.com/en-us/library/cc731150.aspx