2 votes
A company's security policy states any remote connections must be validated using two forms of network-based authentication. It also states local administrative accounts should not be used for any remote access. PKI currently is not configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA authentication. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well.

Which of the following should be configured? (Choose two.)

A. Certificate-based authentication
B. TACACS+
C. 802.1X
D. RADIUS
E. LDAP
F. Local user database

by User CletusW (7.8k points)

1 Answer

0 votes

Final answer:

The correct configurations aligned with the company's security policy are RADIUS (D) for centralized authentication, and LDAP (E) for checking credentials against a directory service, both of which adhere to the policy for network-based authentication and avoid the use of local admin accounts.

Step-by-step explanation:

A company's security policy requires remote connections to be validated using two forms of network-based authentication. Additionally, it specifies that local administrative accounts are to be avoided for remote access operations. Given that Public Key Infrastructure (PKI) is not set up in the company's network, and considering RSA tokens and a mobile app for 2FA are already in place, appropriate choices for remote connection validation that complement these methods are necessary. The best two options for the required configurations, from the list provided, would be:

  • D. RADIUS (Remote Authentication Dial-In User Service), which would provide centralized authentication, authorization, and accounting management for users who connect and use a network service.
  • E. LDAP (Lightweight Directory Access Protocol), which can be used to check the credentials and privileges of an account against a directory service such as Active Directory for authentication purposes.

These options, used in conjunction with the RSA tokens and the mobile 2FA application, will align with the company's security policy that requires network-based authentication and avoiding local admin accounts for remote access.

by User Amari (8.6k points)