You have a computer that runs Windows 7.

Your network contains a VPN server that runs Windows Server 2008.

You need to authenticate to the VPN server by using a smart card.

Which authentication setting should you choose?

A.
CHAP

B.
EAP

C.
MS-CHAP v2

D.
PAP

Explanation:
VPN Server Software Requirements
VPN server software requirements for smart card access are relatively straightforward. The remote access servers must run Windows 2000 Server or later, have Routing and Remote Access enabled, and must support Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).

EAP-TLS is a mutual authentication mechanism developed for use in conjunction with security devices, such as smart cards and hardware tokens. EAP-TLS supports Point-to-Point Protocol (PPP) and VPN connections, and enables exchange of shared secret keys for MPPE, in addition to IPsec.

The main benefits of EAP-TLS are its resistance to brute-force attacks and its support for mutual authentication. With mutual authentication, both client and server must prove their identities to each other. If either client or server does not send a certificate to validate its identity, the connection terminates.

Microsoft Windows Server 2003 supports EAP-TLS for dial-up and VPN connections, which enables the use of smart cards for remote users. For more information about EAP-TLS, see the Extensible Authentication Protocol (EAP) topic at www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/auth_eap.mspx.

For more information about EAP certificate requirements, see the Microsoft Knowledge Base article “Certificate Requirements when you use EAP-TLS or PEAP with EAP-TLS” at http://support.microsoft.com/default.aspx?scid=814394.