Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2 and has the Remote
Access server role installed.
A user named User1 must connect to the network remotely. The client computer of User1
requires Challenge Handshake Authentication Protocol (CHAP) for remote connections.
CHAP is enabled on Server1.
You need to ensure that User1 can connect to Server1 and authenticate to the domain.
What should you do from Active Directory Users and Computers?
A.
From the properties of User1, select Store password using reversible encryption.
B.
From the properties of Server1, assign the Allowed to Authenticate permission to User1.
C.
From the properties of User1, select Use Kerberos DES encryption types for this account.
D.
From the properties of Server1, select Trust this computer for delegation to any service
(Kerberos only).
A
To enable CHAP-based authentication, you must do the following:
Enable CHAP as an authentication protocol on the remote access server. CHAP is disabled by default.
Enable CHAP on the appropriate remote access policy.
Enable storage of a reversibly encrypted form of the user’s password.
You can enable storage of a reversibly encrypted form of the user’s password per user account or enable storage for all accounts in a domain. For more information, see Enable reversibly encrypted passwords in a domain.
link:
https://technet.microsoft.com/en-us/library/cc757631%28v=ws.10%29.aspx
Answer is A