Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and
Access Services server role installed.
You plan to deploy 802. lx authentication to secure the wireless network.
You need to identify which Network Policy Server (NPS) authentication method supports certificatebased mutual authentication for the 802.1x deployment.
Which authentication method should you identify?
A.
MS-CHAP
B.
PEAP-MS-CHAPv2
C.
EAP-TLS
D.
MS-CHAP v2
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as
certificates, smart cards, or credentials.
EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate-based security
environments, and it provides the strongest authentication and key determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a
mutual authentication method that supports password-based user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other
EAP authentication protocols.
“Because PEAP-MS-CHAP v2 requires that users provide password-based credentials rather than a certificate during the authentication process, it is easier and less expensive to deploy than EAP-TLS or PEAP-TLS.”
http://technet.microsoft.com/en-us/library/dd183603(v=ws.10).aspx
2
0