What should you recommend implementing on Server1?

Your network contains an Active Directory domain named contoso.com.
The network contains a perimeter network.
The perimeter network and the internal network are separated by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server 2012.
You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card. Users report that when they work remotely, they are unable to renew their smart card certificate.
You need to recommend a solution to ensure that the users can renew their smart card certificate from the Internet.
What should you recommend implementing on Server1?

More than one answer choice may achieve the goal. Select the BEST answer.

Your network contains an Active Directory domain named contoso.com.
The network contains a perimeter network.
The perimeter network and the internal network are separated by a firewall.
On the perimeter network, you deploy a server named Server1 that runs Windows Server 2012.
You deploy Active Directory Certificate Services (AD CS).
Each user is issued a smart card. Users report that when they work remotely, they are unable to renew their smart card certificate.
You need to recommend a solution to ensure that the users can renew their smart card certificate from the Internet.
What should you recommend implementing on Server1?

More than one answer choice may achieve the goal. Select the BEST answer.

A.
The Certification Authority Web Enrollment role service and the Online Responder role service

B.
The Active Directory Federation Services server role

C.
The Certificate Enrollment Policy Web Service role service and the Certificate Enrollment Web Service role service

D.
An additional certification authority (CA) and the Online Responder role service