Configuring Advanced Windows Server 2012 Services — Question 78

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2.
Server1 has an enterprise root certification authority (CA) for contoso.com.
You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed.
You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA. The solution must ensure that CRLs are published automatically to Server2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Answer options

• A. Create an http:// CRL distribution point (CDP) entry.
• B. Configure a CA exit module.
• C. Create a file:// CRL distribution point (CDP) entry.
• D. Configure a CA policy module.
• E. Configure an enrollment agent.

Correct answer: A, D

Explanation

The correct actions are A and D. Creating an http:// CRL distribution point (CDP) entry is essential for the CRLs to be accessible over the web, while configuring a CA policy module ensures that the CA publishes the CRLs properly. The other options are not applicable in this scenario; for instance, a CA exit module (B) is used in different contexts, and a file:// CDP entry (C) is not suitable for automatic web publishing.