- By J.C. Mackin
This section contains the answers to the Objective Review and the Thought Experiment.
Objective 6.1: Review
Correct answer: C
- Incorrect: In Windows Server 2012 R2 and Windows 8.1, Kerberos can be used in place of a computer certificate.
- Incorrect: A user certificate is not required to establish a DirectAccess connection.
- Correct: DirectAccess connections are based on IPv6 communication. If the DirectAccess client cannot obtain a global IPv6 address from its environment, the client must obtain one with the aid of an IPv6 transition technology.
- Incorrect: IPv4 communication is not required for DirectAccess.
Correct answer: B
- Incorrect: If only desktop computers and virtual machines are having trouble connecting through DirectAccess, this setting is most likely already enabled.
- Correct: This command would disable the setting that limits DirectAccess connectivity to mobile computers only.
- Incorrect: This setting would force all traffic from the client to pass through the DirectAccess connection. It would not help desktop and virtual computers establish a DirectAccess connection.
- Incorrect: This setting would remove the requirement that clients force all traffic to pass through the DirectAccess connection. It would not help desktop and virtual computers establish a DirectAccess connection.
Correct answer: A
- Correct: This command would deploy DirectAccess for remote management only.
- Incorrect: This command would deploy full DirectAccess for client access and remote management.
- Incorrect: This command would require NAP health checks on DirectAccess clients. It would not configure DirectAccess clients for management only.
- Incorrect: This command would disable NAP health checks on DirectAccess clients. It would not configure DirectAccess clients for management only.
- You can configure the NPRT so that the four internal Fabrikam.com resources are associated with internal DNS servers.
- You can enable a multisite deployment. You first need to make sure that the DirectAccess servers are running Windows Server 2012 or later, that the clients are running Windows 8 or later, and that your company has deployed a PKI.
- Configure a DNS suffix search list in the Infrastructure Server Setup for the DirectAccess deployment for the Na.fabrikam.com domain.
- You can consider virtual smart cards or OTPs.