Your network contains an Active Directory domain named contoso.com.
The network contains two servers named Server1 and Server2.
You deploy Active Directory Certificate Services (AD CS).
The certification authority (CA) is configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can issue certificates based on certificate templates.
What should you do?
Exhibit:
A.
On Server1, install the Network Device Enrollment Service role service.
B.
Configure Server2 as a standalone subordinate CA
C.
On Server1, uninstall, and then reinstall AD CS.
D.
On Server1, run the Add-CertificateEnrollmentPolicyServer cmdlet.
Explanation:
In a typical CA infrastructure the Stand-alone CAs are primarily intended to be used as Trusted Offline RootCAs in a CA hierarchy or
when extranets and the Internet are involved.
In a stand-alone CA Certificate templates are not used.
An enterprise CA uses certificate types, which are based on a certificate template.
C is correct.
Another acceptable answer elsewhere is “Configure Server 2 as an enterprise subordinate CA” as certificate templates are not available when using a standalone CA, but only with an enterprise CA.
Oops, Server 1
As long as it says enterprise subordinate CA, you’re golden.
C indeed. Templates are stored in the AD. Standalone Roots or standalone subordinates do not access AD.
https://technet.microsoft.com/en-us/library/cc755290(v=ws.11)
Note: corp-DC1-CA is a standalone CA because there is no “Certificate Templates” folder