Your network contains an Active Directory domain named contoso.com. The domain contains four servers.
The servers are configured as shown in the following table.
You plan to deploy an enterprise certification authority (CA) on a server named SERVER5.
SERVER5 will be used to issue certificates to domain-joined computers and workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for SERVER5.
Which server should you identify?
A. SERVER1
B. SERVER3
C. SERVER4
D. SERVER2
Explanation:
http://technet.microsoft.com/en-us/library/ee649260(v=ws.10).aspx
CRL is published to a web site
“CRL is published to a web site”
Good to know.
You might also want to use SERVER1, as most deployments also use LDAP for AD-integrated CRL publishing 😉
Why would you choose Server3 over Server1?
Because Server 3 and 4 have internet IPs.
Enterprise CA should be on local IP network … like Server1 and Server2.
I don't think anyone here paid attention to the IP addresses.
I'm a fucking idiot. Just ignore me.
I love how every other question on here has hard statements in the explanations that are blatantly wrong.
You don’t HAVE to publish the CRL to HTTP; in fact, when the CA is installed on a domain member server, by default it will automatically publish its CRL to AD over LDAP.
You can change the CRL to a http or file share –
https://technet.microsoft.com/en-us/library/ee649260(v=ws.10).aspx
The thing with this question is it has workgroup computers, so file share or AD are no good so HTTP is the best option here.
It’s also not recommended to install a CA on a domain controller, as it makes it difficult to upgrade the DC later (you have to uninstall the CA service prior to the upgrade).
So ans = B but not for the reason mentioned.
Or because, you know, Server2 IS ON THE DOMAIN NETWORK.
Server3 and 4 are on the internet. Look at the IP addresses.
Ignore me, I'm dumb.
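The point raised in the comments above (an LDAP-only CRL distribution point serves domain members but not workgroup computers) can be checked against a CA's configuration. The following PowerShell is an added example, not part of the original question or thread: it parses entries in the `CRLPublicationURLs` format (`<flags>:<url>`, where bit 1 means the CA publishes the CRL there and bit 2 means the URL is written into issued certificates). The sample entries and the host `crl.example.test` are constructed, and the function names are hypothetical.

```powershell
# Constructed sample in the format printed by: certutil -getreg CA\CRLPublicationURLs
$ldapOnly = @(
    '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl'
    '79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10'
    '0:http://crl.example.test/CertEnroll/%3%8%9.crl'   # listed, but flags = 0
)
# Same CA after enabling the HTTP location for issued certificates (2 + 4 = 6).
$withHttp = $ldapOnly[0..1] + '6:http://crl.example.test/CertEnroll/%3%8%9.crl'

function Get-CdpEntry {
    param([string[]]$PublicationUrl)
    foreach ($entry in $PublicationUrl) {
        # Split on the first colon only, because the URL itself contains colons.
        $flagText, $url = $entry -split ':', 2
        $flags = [int]$flagText
        $scheme = if ($url -match '^(ldap|https?|file):') { $Matches[1] } else { 'local' }
        [pscustomobject]@{
            Scheme        = $scheme
            CaPublishes   = [bool]($flags -band 1)   # CA writes the CRL to this location
            InIssuedCerts = [bool]($flags -band 2)   # URL lands in the CDP extension
            Url           = $url
        }
    }
}

function Test-WorkgroupReachableCdp {
    param([string[]]$PublicationUrl)
    # Workgroup computers cannot resolve ldap:/// against AD, so at least one
    # HTTP(S) URL must be present in the certificates they are asked to validate.
    $inCerts = @(Get-CdpEntry $PublicationUrl | Where-Object InIssuedCerts)
    [bool]($inCerts | Where-Object { $_.Scheme -in 'http', 'https' })
}

foreach ($config in @{ Name = 'LDAP only'; Urls = $ldapOnly },
                    @{ Name = 'LDAP + HTTP'; Urls = $withHttp }) {
    Write-Host "== $($config.Name) =="
    Get-CdpEntry $config.Urls | Format-Table -AutoSize | Out-String | Write-Host
    if (-not (Test-WorkgroupReachableCdp $config.Urls)) {
        Write-Warning 'No HTTP CDP in issued certificates: workgroup clients cannot fetch the CRL.'
    }
}
```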