You manage an Active Directory Domain Services (AD DS) domain. Your company plans to move all of its resources to Office 365.
You must implement Active Directory Federation Services (AD FS). You place all internet-facing servers on a peri
meter network.
You need to ensure that intranet and extranet users are authenticated before they access network resources.
Which three authentication methods should you provide for extranet users? Each correct answer presents a complete solution.
NOTE:
Each correct selection is worth one point.
A. Windows Integrated Authentication using Negotiate for NTLM
B. Windows Integrated Authentication using Negotiate for Kerberos
C. Authentication with RADIUS
D. Forms Authentication using username and passwords
E. Certificate Authentication using certificates mapped to user accounts in AD DS
Explanation:
For extranet access, the following authentication mechanisms are supported:
Forms Authentication using username/passwords
Certificate Authentic
ation using certificates that are mapped to user accounts in AD DS
Windows Integrated Authentication using Negotiate (NTLM only) for WS-Trust endpoints that accept Windows Integrated Authentication.
References:
https://docs.microsoft.com/en-us/windows-ser
ver/identity/ad-fs/design/ad-fs-requirements