You have a properly configured certification authority in an Active Directory Domain Services domain.
You must implement two-factor authentication and use virtual smart cards to secure user sessions.
You need to implement two-factor authentication for each client device.What should you install on each client device?
A.
a smart card reader
B.
a user certificate issued by a certification authority
C.
a Trusted Platform Module (TPM) chip
D.
a local computer certificate issued by a certificate authority
Explanation:
A Complete Guide on Active Directory Certificate Services in Windows Server 2008 R2
http://blog.windowsserversecurity.com/2012/01/17/a-complete-guide-on-active-directory-certificateservices-in-windows-server-2008-r2/
C