CompTIA Security+ (SY0-601) — Question 516

A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

Answer options

• A. CHAP
• B. PEAP
• C. MS-CHAPv2
• D. EAP-TLS

Correct answer: D

Explanation

EAP-TLS is the most secure option for authenticating users with smart cards, as it uses certificates for both the server and client. CHAP, PEAP, and MS-CHAPv2 do not provide the same level of security or support for smart card authentication, making them less suitable for this requirement.