Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
You plan to deploy 100 external Web servers that will be publicly accessible and will require Secure Sockets Layer (SSL) certificates.
You also plan to deploy 50,000 certificates for secure email exchanges with Internet-based recipients.
You need to recommend a certificate services solution for the planned deployment.
What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.
A.
Deploy a certification authority (CA) that is subordinate to an external root CA.
B.
Purchase 50,100 certificates from a trusted third-party root certification authority (CA).
C.
Distribute a copy of the root certification authority (CA) certificate to external relying parties.
D.
Instruct each user to request a Secure Email certificate from a trusted third-party root CA, and then purchase 100 Web server certificates.
Explanation:
A Subordinate CA can be used to issue certificates for specific uses such as; secure email, web-based authentication and smart card authentication.
Subordinate CAs can be subordinate to either a internal or external Root CA.
B is absolute nonsense, there is no need to purchase 50000 certificates. If you do purchase a certificate ever, you simply purchase ONE and issue it to clients at
will.
For this same reason, D is also not applicable.
C could be applicable, except that this is not a Certification Trust scenrio between our business and a Relying party who has their own CA infrastructure. We do not
yet have a way to issue certificates safely to the Internet-Based Clients, therefore we need to Deploy a Subordinate CA.
http://technet.microsoft.com/en-us/library/cc772192(v=ws.10).aspx
