Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy Server server role installed.
You need to allow connections that use 802.1x.
What should you create?
A.
A network policy that uses Microsoft Protected EAP (PEAP) authentication
B.
A network policy that uses EAP-MSCHAP v2 authentication
C.
A connection request policy that uses EAP-MSCHAP v2 authentication
D.
A connection request policy that uses MS-CHAP v2 authentication
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
EAP (Extensible Authentication Protocol) uses an arbitrary authentication method, such as certificates,
smart cards, or credentials.
EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificate- based security
environments, and it provides the strongest authentication and key determination method.
EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol version 2) is a mutual
authentication method that supports password-based user or computer authentication.
PEAP (Protected EAP) is an authentication method that uses TLS to enhance the security of other EAP
authentication protocols.
Connection request policies are sets of conditions and settings that allow network administrators to designate
which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and
authorization of connection requests that the server running Network Policy Server (NPS) receives from
RADIUS clients. Connection request policies can be configured to designate which RADIUS servers are used
for RADIUS accounting.
With connection request policies, you can use NPS as a RADIUS server or as a RADIUS proxy, based on
factors such as the following:
The time of day and day of the week
The realm name in the connection request
The type of connection being requested
The IP address of the RADIUS client