Your network contains an Active Directory domain named contoso.com. The network contains two
servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS). The certification authority (CA) is configured as
shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can issue certificates based on certificate templates.
What should you do?
A.
On Server1, install the Network Device Enrollment Service role service.
B.
Configure Server2 as a standalone subordinate CA.
C.
On Server1, uninstall, and then reinstall AD CS.
D.
On Server1, run the Add-CertificateEnrollmentPolicyServer cmdlet.
Explanation:
In a typical CA infrastructure the Stand-alone CAs are primarily intended to be used as Trusted Offline
RootCAs in a CA hierarchy or when extranets and the Internet are involved. In a stand-alone CA
Certificate templates are not used. An enterprise CA uses certificate types, which are based on a
certificate template.
#
http://www.aiotestking.com/microsoft/you-need-to-ensure-that-you-can-issue-certificates-based-on-certificate-templates-2/
#
The other acceptable answer elsewhere is, “configure Server1 as a subordinate enterprise CA”