Your network contains an Active Directory domain named contoso.com. The network contains a
perimeter network. The perimeter network and the internal network are separated by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server 2012.
You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card.
Users report that when they work remotely, they are unable to renew their smart card certificate.
You need to recommend a solution to ensure that the users can renew their smart card certificate
from the Internet.
What should you recommend implementing on Server1?
More than one answer choice may achieve the goal. Select the BEST answer.
A. The Certificate Enrollment Policy Web Service role service and the Certificate Enrollment Web Service role service
B. The Active Directory Federation Services server role
C. An additional certification authority (CA) and the Online Responder role service
D. The Certification Authority Web Enrollment role service and the Online Responder role service
Explanation:
Correct answer: A.
http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx#Managing_Certificate_Enrollment_Policy_Web_Service_Polling_for_Certificate_Templates
https://technet.microsoft.com/en-us/library/hh831822.aspx
https://technet.microsoft.com/en-us/library/hh831625%28v=ws.11%29.aspx
The Certificate Enrollment Web Service is an Active Directory Certificate Services (AD CS) role service that enables users and computers to perform certificate enrollment by using the HTTPS protocol. Together with the Certificate Enrollment Policy Web Service, this enables policy-based certificate enrollment when the client computer is not a member of a domain or when a domain member is not connected to the domain.
The Certificate Enrollment Web Service uses the HTTPS protocol to accept certificate requests from, and return issued certificates to, network client computers. The Certificate Enrollment Web Service uses the DCOM protocol to connect to the certification authority (CA) and complete certificate enrollment on behalf of the requester. In versions of AD CS prior to Windows Server 2008 R2, policy-based certificate enrollment could be completed only by domain member client computers using the DCOM protocol directly against the CA. This limited certificate issuance to the trust boundaries established by Active Directory domains and forests. For the scenario above, placing both web services on Server1 means only HTTPS (TCP 443) has to be exposed to the Internet, while the DCOM connection from Server1 to the internal CA stays behind the perimeter firewall.
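The following PowerShell is an added example of deploying answer A on Server1; it is not part of the original question or of Microsoft's documentation. The CA configuration string and the TLS certificate thumbprint are placeholders, and the use of certificate authentication in renewal-only mode is this example's choice for letting a remote user renew with the existing smart card certificate rather than domain credentials.

```powershell
# Added example (not from the original question or Microsoft docs): deploy the
# Certificate Enrollment Policy Web Service (CEP) and Certificate Enrollment Web
# Service (CES) on Server1 in the perimeter network. The CA name and the TLS
# certificate thumbprint below are placeholders; adjust them for your environment.
# Run from an elevated PowerShell session on Server1. The ADCSDeployment cmdlets
# accept -Credential if the current account lacks the enterprise-level rights
# needed to register the service objects in Active Directory.

# 1. Install both role services (this also brings in the ADCSDeployment module).
Install-WindowsFeature ADCS-Enroll-Web-Pol, ADCS-Enroll-Web-Svc -IncludeManagementTools

# 2. Thumbprint of a server-authentication certificate already present in the
#    local machine store whose subject matches the public name remote clients use.
$sslThumbprint = 'PLACEHOLDER_THUMBPRINT'   # placeholder; list candidates with
                                            # Get-ChildItem Cert:\LocalMachine\My

# 3. CEP: publishes enrollment policy over HTTPS. Certificate authentication lets
#    a remote user present the existing smart card certificate instead of domain
#    credentials, which is what makes renewal from the Internet possible.
Install-AdcsEnrollmentPolicyWebService -AuthenticationType Certificate `
    -SSLCertThumbprint $sslThumbprint -Force

# 4. CES: accepts the HTTPS request and forwards it to the CA over DCOM.
#    'Computer\CA name' is a placeholder for the internal enterprise CA.
#    -RenewalOnly limits this endpoint to renewal requests, which is all the
#    scenario requires from the Internet-facing server.
Install-AdcsEnrollmentWebService -CAConfig 'CA01.contoso.com\contoso-CA01-CA' `
    -AuthenticationType Certificate -SSLCertThumbprint $sslThumbprint `
    -RenewalOnly -ApplicationPoolIdentity -Force

# 5. Verify the role services are installed. Separately, the firewall between
#    the perimeter and internal networks must allow RPC/DCOM from Server1 to the
#    CA (TCP 135 plus the dynamic RPC port range), while only TCP 443 should be
#    reachable on Server1 from the Internet.
Get-WindowsFeature ADCS-Enroll-Web-* | Select-Object Name, InstallState
```

After deployment, the CEP URL published to clients (via Group Policy for domain members, or configured manually on non-domain devices) is what remote users' enrollment clients contact first; CES then handles the renewal request on their behalf.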