You manage an Active Directory Domain Services (AD DS) domain. Your company plans to move all of its
resources to Office 365.
You must implement Active Directory Federation Services (AD FS). You place all internet-facing servers on a
perimeter network.
You need to ensure that intranet and extranet users are authenticated before they access network resources.
Which three authentication methods should you provide for extranet users? Each correct answer presents a
complete solution.
NOTE: Each correct selection is worth one point.
A.
Windows Integrated Authentication using Negotiate for NTLM
B.
Windows Integrated Authentication using Negotiate for Kerberos
C.
Authentication with RADIUS
D.
Forms Authentication using username and passwords
E.
Certificate Authentication using certificates mapped to user accounts in AD DS
Explanation:
https://authenticationfactor.wordpress.com/2014/06/18/adfs-3-0-playing-with-authentication/
https://authenticationfactor.wordpress.com/2014/06/18/adfs-3-0-playing-with-authentication/
I think answers are A, D y E, they are asking for extranet users:
“For extranet access, the following authentication mechanisms are supported:
Forms authentication using usernames and passwords
Certificate authentication using certificates that are mapped to user accounts in AD DS
Windows Integrated Authentication using Negotiate (NTLM only) for WS-Trust endpoints that accept Windows Integrated Authentication
0
0
I agree, my skillpipe 346 course notes state the following:
Authentication requirements
In most AD FS deployments, the primary authentication method for the relying party in a federated trust is AD DS authentication. For intranet access, the following standard authentication mechanisms for AD DS are supported:
•
Windows Integrated Authentication using the Negotiate option, which include Kerberos & NTLM
•
Forms Authentication using usernames and passwords
•
Certificate authentication using certificates mapped to user accounts in AD DS
For extranet access, the following authentication mechanisms are supported:
•
Forms authentication using usernames and passwords
•
Certificate authentication using certificates that are mapped to user accounts in AD DS
•
Windows Integrated Authentication using Negotiate (NTLM only) for WS-Trust endpoints that accept Windows Integrated Authentication
0
0
I also think it’s A,D,and E.
0
0
It’s A, D and E.
source: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/design/ad-fs-requirements
0
0