What should you recommend implementing on Server1?

Your network contains an Active Directory domain named contoso.com. The network
contains a perimeter network. The perimeter network and the internal network are separated
by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server
2012.
You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card.
Users report that when they work remotely, they are unable to renew their smart card
certificate.
You need to recommend a solution to ensure that the users can renew their smart card
certificate from the Internet.
What should you recommend implementing on Server1?
More than one answer choice may achieve the goal. Select the BEST answer.

Your network contains an Active Directory domain named contoso.com. The network
contains a perimeter network. The perimeter network and the internal network are separated
by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server
2012.
You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card.
Users report that when they work remotely, they are unable to renew their smart card
certificate.
You need to recommend a solution to ensure that the users can renew their smart card
certificate from the Internet.
What should you recommend implementing on Server1?
More than one answer choice may achieve the goal. Select the BEST answer.

A.
The Certificate Enrollment Policy Web Service role service and the Certificate Enrollment
Web Service role service

B.
The Active Directory Federation Services server role

C.
An additional certification authority (CA) and the Online Responder role service

D.
The Certification Authority Web Enrollment role service and the Online Responder role
service

← Previous question

Next question →

Leave a Reply 6

Pio

https://technet.microsoft.com/en-us/library/dd759230.aspx

A

Reply

Yenrab

Have you considered:
technet.microsoft.com/en-us/library/hh831502.aspx
technet.microsoft.com/en-us/library/dn280949.aspx
It seems to me that ADFS will solve the problem AND Microsoft loves “selling” you on bad ideas especialy on tests.

Reply

Unknown

Even though the link for the first article says 2008 R2 I gonna go with A, but then again I know myself and I’m probably picking the loser.

I cannot believe ADFS is needed for such relatively simple objective.

Reply

JamesL

A is correct.

You would NEVER deploy AD FS Server in your perimeter network. That’s where you put your WAP server !!!

https://msdn.microsoft.com/en-us/library/azure/dn151324.aspx

Reply

mark

D.

When installing the role,

Certificaiton Authority WEb Enrollment:

CAQE provides a simple Web interface that allows uers to perform tasks such as request and renw certificates, retrieve certficate revocation lists (CRLs), and enroll for smart card certificates

Reply

FSM

A.

http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx#Managing_Certificate_Enrollment_Policy_Web_Service_Polling_for_Certificate_Templates

https://technet.microsoft.com/en-us/library/hh831822.aspx
https://technet.microsoft.com/en-us/library/hh831625%28v=ws.11%29.aspx

Reply