Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the
Network Policy and Access Services server role installed.
Your company’s security policy requires that certificate-based authentication must be used
by some network services.
You need to identify which Network Policy Server (NPS) authentication methods comply with
the security policy.
Which two authentication methods should you identify? (Each correct answer presents part
of the solution. Choose two.)
A.
MS-CHAP
B.
PEAP-MS-CHAP v2
C.
Chap
D.
EAP-TLS
E.
MS-CHAP v2
Explanation:
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create
a secure TLS tunnel to protect user authentication, and uses server-side public key
certificates to authenticate the server.
When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with
certificates, both the client and the server use certificates to verify their identities to each
other.
B and D
0
0
correct:
“Two authentication methods, when configured with certificate-based authentication types, use certificates: Extensible Authentication Protocol (EAP) and Protected EAP (PEAP). By using EAP, you can configure the authentication type Transport Layer Security (EAP-TLS), and with PEAP you can configure the authentication types TLS (PEAP-TLS) and Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2). These authentication methods always use certificates for server authentication”
https://technet.microsoft.com/en-us/library/dd197564%28v=ws.10%29.aspx
1
0