You work as an enterprise administrator at ABC.com. The ABC.com network has a domain named ABC.com. The ABC.com network has a Windows Server 2008 R2 computer named ABC-SR03 that functions as an Enterprise Root certificate authority (CA).
A new ABC.com security policy requires that revoked certificate information should be available for examination at all times.
What action should you take to adhere to the new policy?
A. This can be accomplished by having a list of trusted certificate authorities published to the ABC.com domain.
B. This can be accomplished by having the Online Certificate Status Protocol (OCSP) responder implemented.
C. This can be accomplished by having the OCSP Response Signing certificate imported.
D. This can be accomplished by having the Startup Type of the Certificate Propagation service set to Automatic.
E. This can be accomplished by having the computer account of ABC-SR03 added to the ABCCertificates group.
Explanation:
You should use Network Load Balancing and publish an OCSP responder. This ensures that revoked certificate information is available at all times. A client does not need to download the entire CRL to check whether a certificate has been revoked; the OCSP responder is an online service that receives a request for the revocation status of a certificate. This also speeds up certificate revocation checking and reduces network bandwidth use tremendously.