You have a properly configured certification authority in an Active Directory Domain Services domain.
You must implement two-factor authentication and use virtual smart cards to secure user sessions.
You need to implement two-factor authentication for each client device.What should you install on each client device?
A.
a smart card reader
B.
a user certificate issued by a certification authority
C.
a Trusted Platform Module (TPM) chip
D.
a local computer certificate issued by a certificate authority
Explanation:
A Complete Guide on Active Directory Certificate Services in Windows Server 2008 R2
http://blog.windowsserversecurity.com/2012/01/17/a-complete-guide-on-active-directory-certificateservices-in-windows-server-2008-r2/
C
0
0
B is correct. You need a trusted user certificate to secure the user session with 2FA. A TPM is just a place to store such a certificate, and isn’t sufficient in and of itself. It is also not necessary.
0
0