You administer laptop and desktop computers that run Windows 8 Pro. Your company uses
Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD
CS).
Your company decides that access to the company network for all users must be controlled
by two-factor authentication.
You need to configure the computers to meet this requirement.
What should you do?
A.
Install smart card readers on all computers. Issue smart cards to all users.
B.
Enable the Password must meet complexity requirements policy setting. Instruct users to
log on by using the domain \username format for their username and their strong password.
C.
Create an Internet Protocol security (IPsec) policy that requires the use of Kerberos to
authenticate all traffic. Apply the IPsec policy to the domain.
D.
Issue photo identification to all users. Instruct all users to set up and use PIN Logon.
Something the user has and something the user knows. The correct answer should be D.
A would just be “something the user has”, and doesn’t really require multiple types of authentication.
0
0
That’s true but the user doesn’t have to do anything with the photo ID when attempting to sign into the computer. Smart card requires a PIN as well as the card itself.
0
0
Smart card requires a pin to be entered after the card is inserted. Answer is A.
0
0
Answer: A
Explanation:
Smart cards contain a microcomputer and a small amount of memory, and they provide secure, tamper-proof storage for private keys and X.509 security certificates.
A smart card is a form of two-factor authentication that requires the user to have a smart card and know the PIN to gain access to network resources.
Registry certificates cannot be used for two factor authentication. Although certificates are ideal candidates for two-factor authentication, registry certificates – which are protected by a strong private key and are the most appropriate certificates for two-factor authentication – cannot be used. The reason for this is that Windows does not support registry certificates and completely ignores them.
As a result, organizations must deploy and manage complex and expensive smart card solutions rather than using registry based certificates.
http://technet.microsoft.com/en-us/library/cc770519.aspx
http://technet.microsoft.com/en-us/library/jj200227.aspx
0
0
Answer: A
0
0