You manage an Active Directory Domain Services (AD DS) domain. Your company plans to move all of its resources to Office 365.

You must implement Active Directory Federation Services (AD FS). You place all internet-facing servers on a peri

meter network.

You need to ensure that intranet and extranet users are authenticated before they access network resources.

Which three authentication methods should you provide for extranet users? Each correct answer presents a complete solution.

NOTE:

Each correct selection is worth one point.

A. Windows Integrated Authentication using Negotiate for NTLM

B. Windows Integrated Authentication using Negotiate for Kerberos

C. Authentication with RADIUS

D. Forms Authentication using username and passwords

E. Certificate Authentication using certificates mapped to user accounts in AD DS

Explanation:

For extranet access, the following authentication mechanisms are supported:

Forms Authentication using username/passwords

Certificate Authentic

ation using certificates that are mapped to user accounts in AD DS

Windows Integrated Authentication using Negotiate (NTLM only) for WS-Trust endpoints that accept Windows Integrated Authentication.

References:

https://docs.microsoft.com/en-us/windows-ser

ver/identity/ad-fs/design/ad-fs-requirements