Which authentication protocol uses server certificates and Active Directory databases?

The correct answer is Protected EAP (PEAP). This protocol is designed to secure wireless networks by encapsulating a second authentication mechanism within a secure TLS tunnel. PEAP utilizes server certificates to authenticate the server to the client, ensuring that users are connecting to a legitimate server and not an imposter. Once the server's identity is verified through the certificate, the client can then authenticate its identity using credentials stored in Active Directory databases.

The server certificate is crucial in PEAP: it lets the client verify the server while the encrypted TLS tunnel is set up, which prevents man-in-the-middle attacks that could occur if an unauthorized entity intercepts the communication. Additionally, by integrating with Active Directory, PEAP allows organizations to use their existing directory services for centralized user management and authentication.

In contrast, Lightweight EAP (LEAP) does not rely on server certificates and is considered less secure due to vulnerabilities that can be exploited. Security Assertion Markup Language (SAML) is primarily used for single sign-on (SSO) and does not directly involve server certificates in the same way as PEAP does. Open Authorization (OAuth) is a delegated authorization framework, not primarily an authentication protocol, and does not involve Active Directory or the use of server certificates in its standard implementations.
