You work as an Exchange Administrator for TechWorld Inc. The company has a Windows 2008 Active
Directory-based network. The network contains an Exchange Server 2010 organization. You are in
the process of choosing an authentication method for Exchange ActiveSync. You need an
authentication method that requires both, a password and an external device. Which of the
following authentication methods will you choose for Exchange ActiveSync?
A.
Device-based authentication
B.
Basic authentication
C.
Certificate-based authentication
D.
Token-based authentication
Explanation:
A token-based authentication system is a two-factor authentication system. Two factor
authentication is based on two types of information: First, a piece of information that a user knows,
such as the password; Second, an external device such as a credit card or a key fob a user can carry
with them. Each device has a unique serial number. In addition to hardware tokens, some vendors
offer software-based tokens that are capable of running on mobile devices. The token-based
authentication is a strong form of authentication.Answer C is incorrect. The certificate-based authentication uses a digital certificate to verify an
identity. In addition to the user name and password, other credentials are also provided to prove theidentity of the user who is trying to access the mailbox resources stored on the Exchange 2010
server. A digital certificate consists of two components: the private key that is stored on the device
and the public key that is installed on the server.
If Exchange 2010 is configured to require certificate-based authentication for Exchange ActiveSync,
only devices that meet the following criteria can synchronize with Exchange 2010:
1.The device has a valid client certificate installed that was created for the user authentication.
2.The device has a trusted root certificate for the server to which the user is connecting to establish
the SSL connection.Answer B is incorrect. The basic authentication is the simplest form of authentication. In basic
authentication, the client submits a user name and a password to the server. The user name and
password are sent to the server in clear text over the Internet. The server verifies whether the user
name and password are valid and grants or denies access to the client accordingly. The basic
authentication is enabled for Exchange ActiveSync by default. However, it is recommended that
basic authentication should be disabled unless SSL is also deployed. When basic authentication is
used over SSL, the user name and password are still sent in plain text, but the communication
channel is encrypted.Answer A is incorrect. There is no such authentication method as device-based authentication.