You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the servers on the network run either Windows Server 2003 or Windows Server 2008 and all client computers run Windows Vista.

All domain controllers on the network run Windows Server 2008 and a firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006. The Windows Server 2003 servers have the Terminal Server component installed. You have been asked to give remote users access to the Terminal Server servers.

Which of the following options would you choose to accomplish the given task while ensuring that minimum number of ports open on the firewall server, all remote connections to the Terminal Server servers are encrypted, and access to client computers having Windows Firewall disabled are prevented? (Select two. Each selected option will present a part of the answer.)

A.
Upgrade a Windows Server 2003 server to Windows Server 2008.

B.
Implement the Terminal Services Gateway (TS Gateway) role and configure a Terminal Services resource authorization policy (TS RAP).

C.
Implement the Terminal Services Gateway (TS Gateway) role and Network Access Protection (NAP).

D.
Implement the Terminal Services Gateway (TS Gateway) role and configure a Terminal Services connection authorization policy (TS CAP).

E.
Implement port forwarding and Network Access Quarantine Control on the ISA Server.

Explanation:

To accomplish the given task, you need to upgrade a Windows Server 2003 server to Windows Server 2008. On the Windows Server 2008 server, implement the Terminal Services Gateway (TS Gateway) role, and implement Network Access Protection (NAP).

You need to upgrade Windows Server 2003 server to Windows Server 2008 because NAP is a feature of Windows Server 2008. Network Access Protection helps you ensure that the computers that connect to your network meet health status requirements, reducing the risk that they’ll introduce viruses or serve as the conduit for attacks and exploits. (e.g., updated and protected by a firewall, antivirus, and anti-spyware software) can be connected to a remediation server, to be brought into compliance.

Terminal Services Gateway (TS Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be terminal servers, terminal servers running Terminal Services RemoteApp programs, or computers with Remote Desktop enabled TSGateway enables remote users to connect to internal network resources over the Internet, by using an encrypted connection, without needing to configure virtual private network (VPN) connections.

TSGateway transmits RDP traffic to port 443 instead, by using an HTTP Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel. Because most corporations open port 443 to enable Internet connectivity, TSGateway takes advantage of this network design to provide remote access connectivity across multiple firewalls.