What should you recommend?

Your network is configured as shown in the following diagram.

You deploy an enterprise certification authority (CA) on the internal network. You also deploy a Microsoft Online
Responder on the internal network. You need to recommend a secure method for Internet users to verify the
validity of individual certificates. The solution must minimize network bandwidth.
What should you recommend?

A.
Deploy a subordinate CA on the perimeter network.

B.
Install a standalone CA and the Network Device Enrollment Service (NDES) on a server on the perimeter
network.

C.
Install a Network Policy Server (NPS) on a server on the perimeter network. Redirect authentication
requests to a server on the internal network.

D.
Install Microsoft Internet Information Services (IIS) on a server on the perimeter network. Configure IIS to
redirect requests to the Online Responder on the internal network.

Explanation:
MICROSOFT ONLINE RESPONDER & IIS HTTP REDIRECTION
Microsoft Online Responder implements the OCSP protocol, which allows a recipient of a certificate to submit a
certificate status request to an OCSP responder by using the Hypertext Transfer Protocol (HTTP). This OCSP
responder returns a definitive, digitally signed response indicating the certificate status. The amount of data
retrieved per request is constant regardless of the number of revoked certificates in the CA.
The Online Responder is located in the internal network and can be accessed from the Internet through the IIS
server in the perimeter network by using HTTP redirection.
http://technet.microsoft.com/en-us/library/cc731001.aspx
http://technet.microsoft.com/en-us/library/cc770409(v=ws.10).aspx
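
The bandwidth point in the explanation, as an added example (not from the original page or from Microsoft documentation): Python that DER-encodes an RFC 6960 OCSP request for a single serial number, builds the HTTP GET URL a client would send to the perimeter server, and compares the request size with the revoked-entry list a CRL would carry for the same CA. The responder URL, issuer bytes and serial numbers are constructed placeholders.

```python
import base64
import hashlib
from urllib.parse import quote

# AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26, NULL parameters).
SHA1_ALGID = bytes.fromhex("300906052b0e03021a0500")

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value element."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(value: int) -> bytes:
    """DER INTEGER for a non-negative certificate serial number."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ocsp_request(issuer_name: bytes, issuer_key: bytes, serial: int) -> bytes:
    """OCSPRequest with one CertID, no nonce and no signature (RFC 6960)."""
    cert_id = der(0x30, SHA1_ALGID
                  + der(0x04, hashlib.sha1(issuer_name).digest())
                  + der(0x04, hashlib.sha1(issuer_key).digest())
                  + der_int(serial))
    # Request -> requestList -> TBSRequest -> OCSPRequest, each a SEQUENCE.
    return der(0x30, der(0x30, der(0x30, der(0x30, cert_id))))

def ocsp_get_url(responder_url: str, request: bytes) -> str:
    """HTTP GET form: URL-encoded base64 of the request appended to the URL."""
    return responder_url.rstrip("/") + "/" + quote(base64.b64encode(request), safe="")

def crl_revoked_list(serials) -> bytes:
    """The revokedCertificates field a CRL carries: one entry per revocation."""
    when = der(0x17, b"240101000000Z")  # constructed revocation time (UTCTime)
    return der(0x30, b"".join(der(0x30, der_int(s) + when) for s in serials))

# Constructed sample values; the issuer bytes stand in for the CA's name and key.
ISSUER_NAME, ISSUER_KEY = b"constructed issuer name", b"constructed issuer key"
FIRST_SERIAL = 0x4A0000000000
RESPONDER_URL = "http://ocsp.example.test/ocsp"  # hypothetical perimeter IIS URL

if __name__ == "__main__":
    req = ocsp_request(ISSUER_NAME, ISSUER_KEY, FIRST_SERIAL + 0xF2B)
    print("OCSP request bytes:", len(req))
    print(ocsp_get_url(RESPONDER_URL, req))
    for revoked in (10, 1000, 100000):
        crl = crl_revoked_list(range(FIRST_SERIAL, FIRST_SERIAL + revoked))
        print(revoked, "revocations -> CRL entry list bytes:", len(crl))
```

The request depends only on the serial number being checked, while the CRL entry list grows by one entry for every revoked certificate.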



Simon

Could not find clarification that IIS Redirection would work in this scenario. Publishing via ISA/TMG/ARR would be better imho, however that is not available as an answer…

If anyone can find a clarifying document I would be much obliged for the post here..