Your network is configured as shown in the following diagram.
You deploy an enterprise certification authority (CA) on the internal network. You also deploy a
Microsoft Online Responder on the internal network. You need to recommend a secure method for
Internet users to verify the validity of individual certificates. The solution must minimize network
bandwidth. What should you recommend?
A.
Deploy a subordinate CA on the perimeter network.
B.
Install a standalone CA and the Network Device Enrollment Service (NDES) on a server on the
perimeter network.
C.
Install a Network Policy Server (NPS) on a server on the perimeter network. Redirect
authentication requests to a server on the internal network.
D.
Install Microsoft Internet Information Services (IIS) on a server on the perimeter network.
Configure IIS to redirect requests to the Online Responder on the internal network.
Explanation:
http ://www.ipsure.com/blog/2010/installation-and-configuration-of-active-directory-certificateservices-onwindows-server-2008-r2-1/
http ://msdn.microsoft.com/en-us/library/cc732956.aspx