Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Network Policy Server server role installed.
You need to allow connections that use 802.1x.
What should you create?
A.
A network policy that uses Microsoft Protected EAP (PEAP) authentication
B.
A network policy that uses EAP-MSCHAP v2 authentication
C.
A connection request policy that uses EAP-MSCHAP v2 authentication
D.
A connection request policy that uses MS-CHAP v2 authentication
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as
certificates, smart cards, or credentials.
EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based
security environments, and it provides the strongest authentication and key determination
method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2)
is a mutual authentication method that supports password-based user or computer
authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of
other EAP authentication protocols.
Connection request policies are sets of conditions and settings that allow network
administrators to designate which Remote Authentication Dial-In User Service (RADIUS)
servers perform the authentication and authorization of connection requests that the server
running Network Policy Server (NPS) receives from RADIUS clients. Connection request
policies can be configured to designate which RADIUS servers are used for RADIUS
accounting.
With connection request policies, you can use NPS as a RADIUS server or as a RADIUS
proxy, based on factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client