Home » Microsoft » 70-687 » What should you do?
A company has client computers that run Windows 8.1. You set up new virtual private network (VPN) connections on all client computers. The VPN connections require the use of a smart card for authentication.
Users are unable to connect to the corporate network by using the VPN connections. The connection properties are configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the client computers can connect to the corporate network.
What should you do?
A. Enable Challenge Handshake Authentication Protocol (CHAP).
B. Change the VPN type to IKEv2.
C. In the advanced settings, select Use preshared key for authentication.
D. Change the authentication setting to Use Extensible Authentication Protocol (EAP).
Correct Answer: D
Explanation/Reference:
http://support.microsoft.com/kb/259880
Configuring a VPN to Use Extensible Authentication Protocol (EAP)
EAP can be used to provide an added layer of security to VPN technologies such as Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). EAP enables this functionality through Certificate Authority (CA) and SmartCard technologies, which provide mutual authentication of the client and the server.
http://technet.microsoft.com/en-us/library/cc739449%28v=ws.10%29.aspx Smart cards and remote access VPN connections
Smart cards and remote access VPN connections
The use of smart cards for user authentication is the strongest form of authentication in the Windows Server 2003 family. For remote access VPN connections, you must use Extensible Authentication Protocol (EAP) with the Smart card or other certificate (TLS) EAP type, also known as EAP- Transport Level Security (EAP-TLS).