Your network contains servers that run Windows Server 2008 R2 and client computers that run
Windows 7. All network routers support IPsec connections. Client computers and servers use IPsec
to connect through network routers. You have two servers named Server1 and Server2. Server1 has
Active Directory Certificate Services (AD CS) installed and is configured as a certification authority
(CA). Server2 runs Internet Information Services (IIS).
You need to recommend a certificate solution for the network routers. The solution must meet the
following requirements:
• Use the Simple Certificate Enrollment Protocol (SCEP).
• Enable the routers to automatically request certificates.
What should you recommend implementing?
A.
certification authority Web enrollment services on Server2
B.
Network Device Enrollment Service on Server2
C.
Online Responder service on Server1
D.
subordinate CA on Server1
Explanation:
To recommend a certificate solution for the network routers that would enable the routers to
automatically request certificates and that would use Simple Certificate Enrollment Protocol (SCEP),
you need to implement Network Device Enrollment Service on Server2. The Network Device
Enrollment Service allows routers and other network devices to obtain certificates based on the
Simple Certificate Enrollment Protocol (SCEP) from Cisco Systems Inc.
Windows Server Active Directory Certificate Services Step-by-Step Guide/ AD CS
Technology Review
http://technet2.microsoft.com/windowsserver2008/en/library/f7dfccc0-4f65-4d6f-a801-
ae6a87fd174c1033.mspx?mfr=true