You have a properly configured certification authority in a active directory domain services domain.
You must implement two-factor authentication and use virtual smart cards to secure user sessions.
You need to implement two-factor authentication for each client device.
What should you install on each client device?
A.
A trusted platform module (TPM) chip.
B.
A user certificate issue by a certification authority.
C.
A smart card reader.
D.
A local computer certificate issued by a certificate authority.
Explanation:
Virtual smart card technology uses cryptographic keys that are stored on computers that have the Trusted Platform Module (TPM) installed.
Basically… think BitLocker….
To Authenticate:
The Virtual Smart Card can be thought of as a Physical Smart card that is contained on the computer. You “swipe” that Virtual Smart Card in your Smart Card
Reader (the TPM chip) and then you enter a PIN to authenticate.
http://www.certifychat.com/70-414-a/344-install-client-device.html?highlight=implement+two-factor+authentication+client+device.