Your network contains an Active Directory domain named contoso.com. The domain
contains a certification authority (CA).
You suspect that a certificate issued to a Web server is compromised.
You need to minimize the likelihood that users will trust the compromised certificate.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Stop the Certificate Propagation service.
B. Modify the validity period of the Web Server certificate template.
C. Run certutil and specify the -revoke parameter.
D. Run certutil and specify the -deny parameter.
E. Publish the certificate revocation list (CRL).
Explanation:
First revoke the certificate, then publish the CRL.
Answer = C,E
http://technet.microsoft.com/en-us/library/cc753724.aspx
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_revoke
C and E are correct.
First revoke the certificate and then publish the CRL. Although this will not stop the server from trusting the certificate straight away, it will increase the likelihood (eventually it will stop trusting it).
CE