What should you do?

Correct Answer for the following Question is given below

Your company has a main office and 15 branch offices. The company has a single Active Directory domain. All servers run Windows Server 2008 R2. You need to ensure that the VPN connections between the main office and the branch offices meet the following requirements:

- All data must be encrypted by using end-to-end encryption.
- The VPN connection must use computer-level authentication.
- User names and passwords cannot be used for authentication.

What should you do?

Correct answer(s): C

EAP-Transport Layer Security (EAP-TLS), defined in RFC 5216, is an IETF open standard, and is well supported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its Achilles’ heel.

EAP-TLS is the original, standard wireless LAN EAP authentication protocol. Although it is rarely deployed, it is still considered one of the most secure EAP standards available and is universally supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. A compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side private key. The highest security available is when client-side keys are housed in smart cards.[4] This is because there is no way to steal a certificate’s corresponding private key from a smart card without stealing the card itself. It is significantly more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed.

Up until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo.[5] There are client and server implementations of EAP-TLS in 3Com, Apple, Avaya, Brocade Communications, Cisco, Enterasys Networks, Foundry, HP, Juniper, and Microsoft, and open source operating systems. EAP-TLS is natively supported in Mac OS X 10.3 and above, Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, and Windows CE 4.2.


What should you do?


Configure an IPsec connection to use tunnel mode and preshared key authentication.

Configure a PPTP connection to use version 2 of the MS-CHAP v2 authentication.

Configure a L2TP/IPsec connection to use the EAP-TLS authentication.

Configure a L2TP/IPsec connection to use version 2 of the MS-CHAP v2 authentication.

Correct Answer

The Correct Answer for this Question is

Configure a L2TP/IPsec connection to use the EAP-TLS authentication.


The question "What should you do?" has been answered correctly, and the answer to the question is: Configure a L2TP/IPsec connection to use the EAP-TLS authentication.

More about these Exams

These exam questions and their order keep changing, but the answers stay the same. If you don’t find one question after another, we suggest you search for it in the search box, and we are sure you’ll find it. You can bookmark this site for quick access in future.

We hope you found it helpful. Don’t forget to leave a comment if you feel a need to correct something or ask a question; we’re always here to help.

You can find more here at mnccertified.

Feel free to contact via comment or email.

Happy Learning

Cheers, Team MNCcertified
