Your network is configured as shown in the following diagram.
You deploy an enterprise certification authority (CA) on the internal network. You also deploy a Microsoft Online Responder on the internal network. You need to recommend a secure method for Internet users to verify the validity of individual certificates.
The solution must minimize network bandwidth.
What should you recommend?
A.
Deploy a subordinate CA on the perimeter network.
B.
Install a standalone CA and the Network Device Enrollment Service (NDES) on a server on the perimeter network.
C.
Install a Network Policy Server (NPS) on a server on the perimeter network. Redirect authentication requests to a server on the internal network.
D.
Install Microsoft Internet Information Services (IIS) on a server on the perimeter network.
Configure IIS to redirect requests to the Online Responder on the internal network.
Explanation:
http://www.ipsure.com/blog/2010/installation-and-configuration-of-active-directory-certificate-services-on-windows-server-2008-r2-1/
http://msdn.microsoft.com/en-us/library/cc732956.aspx