You work as an enterprise administrator at Domain.com. The Domain.com network consists of a single Active Directory domain named Domain.com. All servers on the Domain.com network run Windows Server 2008. A new Domain.com security policy requires that revoked certificate information be examined. You receive an instruction from the CIO to make sure that the revoked certificate information is continuously available.
What should you do?
A. The best option is to use network load balancing and publish an OCSP responder.
B. The best option is to enable users to accept peer certificates and link a GPO to the domain that you have configured.
C. The best option is to use a GPO in order to publish a list of trusted certificate authorities.
D. The best option is to configure and publish an OCSP (Online Certificate Status Protocol) responder through ISAS (Internet Security and Acceleration Server) array.
Explanation:
You should use network load balancing and publish an OCSP responder. This ensures that the revoked certificate information is available at all times. A client does not need to download the entire CRL to check whether a certificate has been revoked; an OCSP responder is an online service that receives a request to check the revocation status of a certificate. This also speeds up certificate revocation checking and reduces network bandwidth use tremendously.
I agree with the answer. A