Prev Question
Next Question

Your network contains an Active Directory domain named adatum.com.
The domain contains four servers. The servers are configured as shown in the following table.

You plan to deploy an enterprise certification authority (CA) on a server named Server5. Server5 will be used to issue certificates to domain-joined computers and
workgroup computers.
You need to identify which server you must use as the certificate revocation list (CRL) distribution point for Server5.
Which server should you identify?

A. Server 3

B. Server 2

C. Server 4

D. Server 1

Explanation:
We cannot use AD DS because workgroup computers must access CRL distribution point.
It is not always possible to contact a CA or other trusted server for information about the validity of a certificate. To effectively support certificate status checking, a
client must be able to access revocation data to determine whether the certificate is valid or has been revoked. To support a variety of scenarios, Active Directory
Certificate Services (AD CS) supports industry-standard methods of certificate revocation. These include publication of certificate revocation lists (CRLs) and delta
CRLs, which can be made available to clients from a variety of locations, including Active Directory Domain Services (AD DS), Web servers, and network file
shares.

Incorrect Answers:
B: We cannot use FileShare because workgroup computers must access CRL distribution point
C: Public facing web server can be used
D: AD DS, Web & File Share only
References:
https://technet.microsoft.com/en-us/library/cc771079.aspx

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *