CompTIA Security+ (SY0-501) — Question 286

A company is deploying a file-sharing protocol access a network and needs to select a protocol for authenticating clients. Management requests that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would BEST accomplish this task?

Answer options

• A. Store credentials in LDAP
• B. Use NTLM authentication
• C. Implement Kerberos
• D. Use MSCHAP authentication

Correct answer: C

Explanation

Kerberos is the best choice because it provides strong mutual authentication, supports single sign-on (SSO), and is compatible with smart card logons. In contrast, NTLM authentication lacks mutual authentication capabilities and is less secure, while storing credentials in LDAP does not directly handle authentication. MSCHAP authentication also does not offer the same level of security and functionality as Kerberos.