You are a network administrator for a company named Humongous Insurance. Humongous
Insurance has an Active Directory forest that contains two domains.
You install the Active Directory Rights Management Services server role on a server named ADRMS1.
The Active Directory Rights Management Services (AD RMS) server uses an internal certification
authority (CA) for all certificates.
You plan to provide users with the ability to use AD RMS to protect all of the email messages sent to
a partner company named Contoso, Ltd.
Contoso does not have AD RMS deployed.
You need to identify which components from the Humongous Insurance network must be accessible
to Contoso to ensure that the users at Contoso can open protected messages.
Which two components should you identify? (Each correct answer presents part of the solution.
Choose two.)
A.
the AD RMS cluster
B.
the certificate revocation list (CRL)
C.
the Active Directory domain controllers
D.
the Client Access servers
E.
the Mailbox servers
F.
the Global Catalog servers
Explanation:
B: The CRL is exactly what its name implies: a list of subscribers paired with digital certificate status.
The list enumerates revoked certificates along with the reason(s) for revocation. The dates of
certificate issue, and the entities that issued them, are also included. In addition, each list contains a
proposed date for the next release. When a potential user attempts to access a server, the server
allows or denies access based on the CRL entry for that particular user.
C: If federation cannot be implemented and the external organization cannot implement their own
AD RMS infrastructure, hosting the user accounts can be the best option. However, the cost of
managing such accounts (for both the IT department and each user) must be considered.
In this case, the users will need to be authenticated by a domain controller.