question on 70-290 from the techexam practice exam

[cliffjag1987]

2. You are the administrator at a large company. The company's Windows 2003 domain spans several remote locations, each with its own file servers. Some of the remote locations use application servers at the main office, and all the remote locations use a single shared Internet connection through a firewall located at the main office. Administrative permissions for local servers are delegated to local system admins, but once in a while they need your support. Several times, a local system admin has requested remote assistance from a buddy of his, to help him out with some problems on the file servers. How should you prevent local system admins from sending Remote Assistance invitations to people outside the corporate network? (Select the best answer)

Practice exam answer is :

e. Block inbound and outbound traffic to port 3389 at the firewall.

I don't agree with this answer. If you block 3389 on the firewall nobody can remotely access a servers. Thats means i also can't remotly access something. Thus i mean the administrator in this scenario. How will i give them support via internet if port 3389 is closed.

Can you enlight this question for me????

[DfyAnt]

Correct, but the question is asking you to pick the "best" answer for this particular scenario. Therefore blocking 3389 will be the best solution.

[Webmaster]

How should you prevent local system admins from sending Remote Assistance invitations to people outside the corporate network? (Select the best answer)

Thus i mean the administrator in this scenario. How will i give them support via internet if port 3389 is closed?

You, the administrator, are inside the corporate network, so there's no firewall between you and the remote locations, they are in the same corporate WAN (they have to, cause they use the same shared Internet connection through a firewall located at the main office).