Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 P.2. Server1 has the Network Policy and
Access Services server role installed.
Your company’s security policy requires that certificate-based authentication must be used by some
network services.
You need to identify which Network Policy Server (NPS) authentication methods comply with the
security policy.
Which two authentication methods should you identify? (Each correct answer presents part of the
solution. Choose two.)

A.
MS-CHAP

B.
PEAP-MS-CHAP v2

C.
Chap

D.
EAP-TLS

E.
MS-CHAP v2

Explanation:
PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure
TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate
the server.
When you use EAP with a strong EAP type, such as TLS with smart cards or TLS with certificates, both
the client and the server use certificates to verify their identities to each other.