Your network contains an Active Directory domain. The domain contains a certification authority (CA) and a Network Policy Server (NPS) server. You plan to deploy Remote Access Always On VPN. Which authentication method should you use?
It's also written here to use PEAP and remove EAP.
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-nps
I think C is correct.
A.EAP-TTLS
Using CA certificate and tunnel.
C.PEAP
Using tunnel.
D.EAP-AKA
Using Authentication and Key Agreement.
https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol#EAP_Tunneled_Transport_Layer_Security_(EAP-TTLS)
PEAP = Protected EAP
So based on https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-nps
the answer is C
Yes it is a bit confusing, but after some research you use EAP when you use certification authority (CA) and a Network Policy Server (NPS) server for the authentication
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-peap/a128a089-0919-41a5-a0c2-9f25ef28289d
I only chose PEAP as it is considered more secure as it's using certificates instead of username + password. Is it the only protocol that allows the always on feature?
You should always go for the most secure option possible.
upvoted 4 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
dritter
Highly Voted 5 years, 9 months agoMsT
Highly Voted 5 years, 1 month agopanda
Most Recent 4 years agostefano1856
4 years, 7 months agoPerson
5 years, 1 month ago[Removed]
5 years, 6 months agodritter
5 years, 9 months ago[Removed]
4 years, 7 months ago