Best Solutions for Network Expansion

AD.

The organization's goal is to move from local accounts to centrally managed authentication. Therefore, the two BEST solutions for this scenario are:

A. TACACS+ - Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol that provides centralized authentication, authorization, and accounting (AAA) for network devices. TACACS+ enables administrators to centrally manage user accounts on multiple network devices, and it provides greater security than other protocols such as RADIUS, because it separates authentication and authorization.

C. LDAP - Lightweight Directory Access Protocol (LDAP) is a protocol used for accessing and maintaining distributed directory information services over an IP network. LDAP is commonly used for centralized authentication and authorization of users and network devices. LDAP is efficient and provides secure authentication and authorization, making it a popular choice for large organizations.

The other options are not the best solutions for this scenario because:

B. CHAP - Challenge Handshake Authentication Protocol (CHAP) is a protocol used for authentication between two parties, typically a client and a server. CHAP is not suitable for centralized authentication of multiple network devices.

D. RADIUS - Remote Authentication Dial-In User Service (RADIUS) is a protocol that provides centralized authentication, authorization, and accounting (AAA) for network devices. While RADIUS is a commonly used protocol, TACACS+ provides greater security by separating authentication and authorization.

E. MSCHAPv2 - Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2) is a protocol used for authentication between clients and servers. It is commonly used for VPN authentication, but it is not suitable for centralized authentication of multiple network devices.