Home » Microsoft » 70-414 v.2 » What should you install on each client device?
You have a properly configured certification authority in an Active Directory Domain Services domain.
You must implement two-factor authentication and use virtual smart cards to secure user sessions.
You need to implement two-factor authentication for each client device.
What should you install on each client device?
A. a smart card reader
B. a user certificate issued by a certification authority
C. a Trusted Platform Module (TPM) chip
D. a local computer certificate issued by a certificate authority
Correct Answer: A
Explanation/Reference:
Smart cards and their associated personal identification numbers (PINs) are an increasingly popular, reliable, and cost-effective form of two-factor authentication.
With the right controls in place, a user must have the smart card and know the PIN to gain access to network resources. When a user needs to log on to a system, she places the smart card in a smart card reader or simply swipes it across the reader itself. The certificate is read, and the user is prompted only for a PIN, which is uniquely assigned to each user. After the PIN and the certificate are verified, the user is logged on to the domain.
References: A Complete Guide on Active Directory Certificate Services in Windows Server 2008 R2
http://blog.windowsserversecurity.com/2012/01/17/a-complete-guide-on-active-directory-certificate-services-in-windows-server-2008-r2/
