You are a help desk technician for your company. Susan is an executive. Because Susan travels frequently, she uses a Windows XP Professional portable computer that has a smart card reader. Susan asks you to configure her computer so that she can dial in to the company network when she is out of the office. Company security policy states that dial-in users must use a smart card when they connect to the network, and that the users must use the strongest form of data encryption possible. Company security policy also states that client computers must disconnect if the Routing and Remote Access server does not support both smart card
authentication and the strongest possible authentication. You need to configure the dial-up connection properties on Susan�s computer to dial in to the company network. Your solution must ensure that company security policies are enforced. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A.
Select the Advanced (custom settings) security option.
B.
Select the Require data encryption check box.
C.
Select the Typical (recommended settings) security option.
D.
Select the Use smart card item from the Validate my identity as follows list.
E.
Select the Maximum strength encryption item from the Data encryption list.
F.
Select the Allow these protocols option, and select the MS-CHAP v2 check box.
G.
Select the Extensible Authentication Protocol (EAP) option, and select Smart Card or other Certificate from the EAP list.
Explanation:
Company security policy requires that dial-in users must use a smart card to connect to the network, must use the strongest form of data encryption possible and client computers must disconnect if the routing and remote access server does not support both smart card authentication and the strongest possible authentication. Therefore we should configure the dial-up connection properties on Susan’s computer by selecting the advanced settings to set specific protocols and other options. We must then select the Extensible Authentication Protocol (EAP) option and select Smart Card or other Certificate from the EAP list. This will enable smart card authentication. We must then select the Maximum strength encryption item from the Data encryption list to ensure that only the maximum security is used. This will ensure that client computers will disconnect if the routing and remote access server does not support both smart card authentication and the strongest possible authentication.
Incorrect Answers:
B: By select the Require data encryption check box we will ensure that some form of encrypted authentication occurs but we will not ensure that maximum strength encryption is used.
C: The Typical (recommended settings) security option does not use maximum strength encryption.
D: The Use smart card item in the Validate my identity as follows list will not ensure that only the maximum strength encryption is used, you have to edit the advanced properties.
F: MS-CHAP v2 is not the highest form of encryption.