What should you do?

Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certificate authority (CA).

You need to ensure that revoked certificate information is highly available.

What should you do?

Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certificate authority (CA).

You need to ensure that revoked certificate information is highly available.

What should you do?

A.
Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.

B.
Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.

C.
Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).

D.
Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.

Explanation:
To ensure that the revoked certificate information is available at all, you should use the
network load balancing and publish an OCSP responder. OCSP is an online responder
that can receive a request to check for revocation of a certificate without the client having
to download the entire CRL. This process speeds up certificate revocation checking and
reduces network bandwidth used for this process. This can be helpful especially when
such checking is down over slow WAN links.



Leave a Reply 0

Your email address will not be published. Required fields are marked *