Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 P.2. Server1 has the
Network Policy and Access Services server role installed.
You plan to deploy 802. lx authentication to secure the wireless network.
You need to identify which Network Policy Server (NPS) authentication method supports
certificate-based mutual authentication for the 802.1x deployment.
Which authentication method should you identify?
A.
MS-CHAP
B.
PEAP-MS-CHAPv2
C.
EAP-TLS
D.
MS-CHAP v2
Explanation:
802.1X uses EAP, EAP-TLS, EAP-MS-CHAP v2, and PEAP authentication methods:
• EAP (Extensible Authentication Protocol) uses an arbitrary authentication method,
such as certificates, smart cards, or credentials.
• EAP-TLS (EAP-Transport Layer Security) is an EAP type that is used in certificatebased security environments, and it provides the strongest authentication and key
determination method.
• EAP-MS-CHAP v2 (EAP-Microsoft Challenge Handshake Authentication Protocol
version 2) is a mutual authentication method that supports password-based user or
computer authentication.
• PEAP (Protected EAP) is an authentication method that uses TLS to enhance the
security of other EAP authentication protocols.
“Because PEAP-MS-CHAP v2 requires that users provide password-based credentials rather than a certificate during the authentication process, it is easier and less expensive to deploy than EAP-TLS or PEAP-TLS.”
http://technet.microsoft.com/en-us/library/dd183603(v=ws.10).aspx
Thanks, The link is very helpful 🙂
so what do you mean ?? B instead of C ??
No, the answer has to be C – the question explicitly lists certificate-based as a factor so any form of CHAP is out.
its C
C
it is C
NPS supports two certificate based mutual authentication methods
EAP-TLS
PEAP-TLS