You need to ensure that the client computers in both Contoso and Fabrikam trust each other’s email certificates

Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc.
Fabrikam also deploys AD CS.
Contoso and Fabrikam plan to exchange signed and encrypted email messages.
You need to ensure that the client computers in both Contoso and Fabrikam trust each
other’s email certificates. The solution must prevent other certificates from being trusted and
minimize administrative effort.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.

Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc.
Fabrikam also deploys AD CS.
Contoso and Fabrikam plan to exchange signed and encrypted email messages.
You need to ensure that the client computers in both Contoso and Fabrikam trust each
other’s email certificates. The solution must prevent other certificates from being trusted and
minimize administrative effort.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.

A.
Implement an online responder in each company.

B.
Exchange the root certification authority (CA) certificates of both companies, and then
deploy the certificates to the Enterprise Trust store by using Group Policy objects (GPOs).

C.
Implement cross-certification in each company.

D.
Exchange the root certification authority (CA) certificates of both companies, and then
deploy the certificates to the Trusted Root Certification Authorities store by using Group
Policy objects (GPOs).

← Previous question

Next question →

Leave a Reply 7

Ty

I would think “B”.
https://technet.microsoft.com/en-us/library/cc772491.aspx

Reply

Unknown

Based on the article I would have to agree to B, my guess was actually C hehe because the others just didn’t felt right, D seems to give way too much trust and the question does mention to limit the capacity of the trust between companies.

Reply

MrBitch

I believe the answer to be C due to qualified subordination in cross certification.

https://technet.microsoft.com/en-us/library/cc785267(v=ws.10).aspx

Reply

gi

I think given answer is correct.

B & D need the same process, just the location change.

Reply

Whoa

Answer C: Cross-Certification

https://msdn.microsoft.com/en-us/library/windows/desktop/bb540800(v=vs.85).aspx

Key statement:

The solution must prevent other certificates from being trusted and
minimize administrative effort.

Reply

Arvilla Yeldon

Some times its a pain in the ass to read what website owners wrote but this website is really user friendly! .

http://www.bastcilkdoptb.com/

Reply

Clair Compeau

You’re so cool! I don’t think I have read through a single thing like that before. So great to discover another person with a few original thoughts on this topic. Seriously.. thank you for starting this up. This website is one thing that is required on the internet, someone with a bit of originality!|

http://www.A5OD7l7KU3.com/A5OD7l7KU3

Reply