You network contains one Active Directory domain. All domain controllers run Windows Server
2008. The network has 100 servers and 5,000 client computers. Client computers run either
Windows XP Service Pack 2 (SP2) or Windows Vista Service Pack 1 (SP1). You need to plan the
deployment of Certificate Services on the network to support the following requirements:
Automatic certificate enrollment
Supported certificates for all client computers
What should you include in your plan?
A.
Deploy a stand-alone certification authority (CA). Create V2 templates.
B.
Deploy a stand-alone certification authority (CA). Create V3 templates.
C.
Deploy an enterprise certification authority (CA). Create V2 templates.
D.
Deploy an enterprise certification authority (CA). Create V3 templates.
Explanation:
To deploy Certificate Services on the network and ensure that there is automatic certificate
enrollment on the network and there are supported certificates for all client computers, you need to
Deploy an enterprise certification authority (CA) and create V2 templates. You should use enterprise
certification authority (CA) because it is integrated with Active Directory, and only provides
certificates to members within that Active Directory. You should not use Standalone CA because it
doesn’t tap into a local or domain user account. You should used V2 templates instead of V1
templates because V2 templates are customizable. With V2 templates, a CA administrator is able to
configure a wide range of settings that apply during certificate enrollment, such as minimum key
length, subject name definition, enrollment requirements like enrollment agent signature, and so on
Certification Success – The Standalone CA Versus The Enterprise CA
http://www.lockergnome.com/it/2004/10/19/certification-success-the-standalone-ca-versus-theenterprise-ca/
Certificate Templates Overview
http://technet2.microsoft.com/windowsserver2008/en/library/65985352-e846-4d4d-9a0d-
2fea1b7eceba1033.mspx?mfr=true