You have a computer that runs Windows 7.
Your network contains a VPN server that runs Windows Server 2008.
You need to authenticate to the VPN server by usinga smart card.
Which authentication setting should you choose?

A.
CHAP

B.
EAP

C.
MS-CHAP v2

D.
PAP

Explanation:
1046 20206
VPN Server Software Requirements
VPN server software requirements for smart card access are relatively straightforward. The remote access
servers must run Windows 2000 Server or later, haveRouting and Remote Access enabled, and must support
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).
EAP-TLS is a mutual authentication mechanism developed for use in conjunction with security devices, such as
smart cards and hardware tokens. EAP-TLS supports Point-to-Point Protocol (PPP) and VPN connections, and
enables exchange of shared secret keys for MPPE, inaddition to IPsec.
The main benefits of EAP-TLS are its resistance to brute-force attacks and its support for mutual
authentication. With mutual authentication, both client and server must prove their identities to eachother. If
either client or server does not send a certificateto validate its identity, the connection terminates.
Microsoft Windows Server™ 2003 supports EAP-TLS fordial-up and VPN connections, which enables the use
of smart cards for remote users. For more information about EAP-TLS, see the Extensible Authentication
Protocol (EAP) topic at www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/
auth_eap.mspx.
For more information about EAP certificate requirements, see the Microsoft Knowledge Base article “Certificate
Requirements when you use EAP-TLS or PEAP with EAP-TLS” at http://support.microsoft.com/default.aspx?
scid=814394.