You work as the enterprise administrator at ABC.com. ABC.com has a domain named ABC.com. The ABC.com domain servers run Microsoft Windows Server 2008. ABC.com has a server named ABC-SR01 running Routing and Remote Access Services (RRAS).
ABC.com has a marketing division of remote users belonging to a group named KingRemote requiring access to the domain when out of office. During the course of the day ABC.com discovers that stringent security settings are required when remotely accessing the domain. You started the maintenance by creating a remote access policy.
How do configure ABC-SR01 so that the remote access users require using smartcards for dial-up connections?
A.
By configuring a remote access policy that enables users to authenticate connections using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).
B.
By configuring a remote access policy that enables users to authenticate connections using Password Authentication Protocol (PAP).
C.
You should consider a remote access policy that requires Kerberos v5 authentication.
D.
By configuring a remote access policy that enables users to authenticate connections using Internet Protocol Security (IPSec).
Explanation:
You should create a remote access policy that allows users to use Extensible Authentication Protocol Layer Security (EAP TLS) because EAP-TLS requires a user certificate for the user requesting access and a computer certificate for the authenticating server. All other options like SPAP are not right because SPAP causes the remote access machine to send an encrypted password to the remote access server.