Microsoft 70-640 Practice Test Question 8
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do?
A. Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
B. Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
C. Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
D. Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
Answer: C
Explanation: To ensure that the revoked certificate information is available at all, you should use the network load balancing and publish an OCSP responder. OCSP is an online responder that can receive a request to check for revocation of a certificate without the client having to download the entire CRL. This process speeds up certificate revocation checking and reduces network bandwidth used for this process. This can be helpful especially when such checking is down over slow WAN links.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do?
A. Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
B. Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
C. Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
D. Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
Answer: C
Explanation: To ensure that the revoked certificate information is available at all, you should use the network load balancing and publish an OCSP responder. OCSP is an online responder that can receive a request to check for revocation of a certificate without the client having to download the entire CRL. This process speeds up certificate revocation checking and reduces network bandwidth used for this process. This can be helpful especially when such checking is down over slow WAN links.
No comments:
Post a Comment