You are a network administrator for a company named Humongous Insurance. Humongous Insurance has an
Active Directory forest that contains two domains.
You install the Active Directory Rights Management Services server role on a server named ADRMS1. The
Active Directory Rights Management Services (AD RMS) server uses an internal certification authority (CA) for
all certificates.
You plan to provide users with the ability to use AD RMS to protect all of the email messages sent to a partner
company named Contoso, Ltd.
Contoso does not have AD RMS deployed.
You need to identify which components from the Humongous Insurance network must be accessible to
Contoso to ensure that the users at Contoso can open protected messages.
Which two components should you identify? (Each correct answer presents part of the solution. Choose two.)
A.
the AD RMS cluster
B.
the certificate revocation list (CRL)
C.
the Active Directory domain controllers
D.
the Client Access servers
E.
the Mailbox servers
F.
the Global Catalog servers
Explanation:
B: The CRL is exactly what its name implies: a list of subscribers paired with digital certificate status. The list
enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the
entities that issued them, are also included. In addition, each list contains a proposed date for the next release.
When a potential user attempts to access a server, the server allows or denies access based on the CRL entry
for that particular user.
C: If federation cannot be implemented and the external organization cannot implement their own AD RMS
infrastructure, hosting the user accounts can be the best option. However, the cost of managing such accounts
(for both the IT department and each user) must be considered. In this case, the users will need to be
authenticated by a domain controller.