PrepAway - Latest Free Exam Questions & Answers

Which two authentication methods should you disable? (Each correct answer presents part of the solution

Your network contains a server that runs Windows Server 2008 R2.
The server has the Web Server (IIS) role installed.
The server has a Web application that uses HTTP.
All authentication methods are enabled for the Web application.

You need to prevent passwords from being sent over the network in clear text.

Which two authentication methods should you disable? (Each correct answer presents part of the solution. Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
Anonymous

B.
Basic

C.
Digest

D.
Forms

E.
Windows Integrated

Explanation:
Configure Basic Authentication (IIS 7)
Basic authentication requires that users provide a valid user name and password to access content. This authentication method does not require a specific browser, and all major browsers support it. Basic authentication also works across firewalls and proxy servers. For these reasons, it is a good choice when you want to restrict access to some, but not all, content on a server.
However, the disadvantage of Basic authentication is that it transmits unencrypted base64-encoded passwords across the network. You should use Basic authentication only when you know that the connection between the client and the server is secure. The connection should be established either over a dedicated line or by using Secure Sockets Layer (SSL) encryption and Transport Layer Security (TLS). For example, to use Basic authentication with Web Distributed Authoring and Versioning (WebDAV), you should configure SSL encryption.

http://technet.microsoft.com/en-us/library/cc772009(WS.10).aspx

Configuring Forms Authentication (IIS 7)
Forms authentication uses client-side redirection to forward unauthenticated users to an HTML form where they can enter their credentials, which are usually a user name and password. After the credentials are validated, users are redirected to the page they originally requested.
Because Forms authentication sends the user name and password to the Web server as plain text, you should use Secure Sockets Layer (SSL) encryption for the logon page and for all other pages in your application except the home page.

http://technet.microsoft.com/en-us/library/cc771077(WS.10).aspx

Check this link on MSDN for a nice comparisation of all authentication methods:
http://msdn.microsoft.com/en-us/library/aa292114.aspx


Leave a Reply