What should you include in the recommendation?

Your network contains an Active Directory forest named contoso.com.
Your company works with a partner company that has an Active Directory forest named
fabrikam.com. Both forests contain domain controllers that run only Windows Server 2012
R2.

The certification authority (CA) infrastructure of both companies is configured as shown in
the following table.

You need to recommend a certificate solution that meets the following requirements:
Server authentication certificates issued from fabrikam.com must be trusted automatically by
the computers in contoso.com.
The computers in contoso.com must not trust automatically any other type of certificates
issued from the CA hierarchy in fabrikam.com.
What should you include in the recommendation?

Your network contains an Active Directory forest named contoso.com.
Your company works with a partner company that has an Active Directory forest named
fabrikam.com. Both forests contain domain controllers that run only Windows Server 2012
R2.

The certification authority (CA) infrastructure of both companies is configured as shown in
the following table.

You need to recommend a certificate solution that meets the following requirements:
Server authentication certificates issued from fabrikam.com must be trusted automatically by
the computers in contoso.com.
The computers in contoso.com must not trust automatically any other type of certificates
issued from the CA hierarchy in fabrikam.com.
What should you include in the recommendation?

A.
Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate
that has an application policy object identifier (OID) of CA Encryption Certificate.

B.
Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate
that has an application policy object identifier (OID) of Microsoft Trust List Signing.

C.
Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate
that has an application policy object identifier (OID) of CA Encryption Certificate.

D.
Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate
that has an application policy object identifier (OID) of Microsoft Trust List Signing.



Leave a Reply 0

Your email address will not be published. Required fields are marked *