Your network consists of one Active Directory domain that contains servers that run Windows Server 2008 R2. The relevant servers are configured as shown in the following table.
The relevant portion of the network is shown in the exhibit. (Click the Exhibit button.)
Server3 hosts a secure Web site. You want remote users to access the secure Web site by using a Secure Sockets Layer (SSL) connection through the Internet. A server certificate issued by Server2 is installed on Server3.
You need to recommend a solution that will enable the distribution of certificates to the remote users.
The solution must meet the following requirements:
The certification authority must be automatically trusted.
Remote users connecting to Server3 must use client certificates issued by Server4.
A minimum number of TCP/IP ports must be opened on the firewall that connects the perimeter network and the internal network.
Which certification authority should you recommend installing on Server4?
A. enterprise root
B. enterprise subordinate
C. standalone root
D. standalone subordinate
Where is the hint that server 2 is a standalone root server?
Is that because the traffic between server 2 and server 4 has to be minimum, then I can modify the role of server 2?
OK, so server 2 can be an enterprise root CA while server 4 is a standalone subordinate server.
http://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx#Install_the_Standalone_Offline_Root_CA