Your network contains a server that runs Windows Server 2008 R2. The server has the Web Server
(IIS) role installed. The server has a Web application that uses HTTP. All authentication methods are
enabled for the Web application. You need to prevent passwords from being sent over the network
in clear text. Which two authentication methods should you disable? (Each correct answer presents
part of the solution. Choose two.)
A.
Anonymous
B.
Basic
C.
Digest
D.
Forms
E.
Windows Integrated
Explanation:
Configure Basic Authentication (IIS 7)
Basic authentication requires that users provide a valid user name and password to access content.
This authentication method does not require a specific browser, and all major browsers support it.
Basic authentication also works across firewalls and proxy servers. For these reasons, it is a good
choice when you want to restrict access to some, but not all, content on a server.
However, the disadvantage of Basic authentication is that it transmits unencrypted base64-encoded
passwords across the network. You should use Basic authentication only when you know that the
connection between the client and the server is secure. The connection should be established either
over a dedicated line or by using Secure Sockets Layer (SSL) encryption and Transport Layer Security
(TLS). For example, to use Basic authentication with Web Distributed Authoring and Versioning
(WebDAV), you should configure SSL encryption.
http://technet.microsoft.com/en-us/library/cc772009(WS.10).aspx
Configuring Forms Authentication (IIS 7) Forms authentication uses client-side redirection to forward
unauthenticated users to an HTML form where they can enter their credentials, which are usually a
user name and password. After the credentials are validated, users are redirected to the page they
originally requested. Because Forms authentication sends the user name and password to the Web
server as plain text , you should use Secure Sockets Layer (SSL) encryption for the logon page and for
all other pages in your application except the home page.
http://technet.microsoft.com/en-us/library/cc771077(WS.10).aspx
Check this link on MSDN for a nice comparisation of all authentication methods:
http://msdn.microsoft.com/en-us/library/aa292114.aspx