PrepAway - Latest Free Exam Questions & Answers

You need to minimize the amount of network bandwidth required to validate a certificate

Your network contains an Active Directory forest. All client computers run Windows 7.
The network contains a high-volume enterprise certification authority (CA).
You need to minimize the amount of network bandwidth required to validate a certificate.
What should you do?

PrepAway - Latest Free Exam Questions & Answers

A.
Configure an LDAP publishing point for the certificate revocation list (CRL).

B.
Configure an Online Certification Status Protocol(OCSP) responder.

C.
Modify the settings of the delta certificate revocation list (CRL).

D.
Replicate the certificate revocation list (CRL) by using Distributed File System (DFS).

Explanation:
Reference:
MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012)
page 779
Online responder
This service is designed to respond to specific certificate validation requests through the Online Certificate
Status Protocol (OCSP). Using an online responder (OR), the system relying on PKI does not need to obtain a
full CRL and can submit a validation request for a specific certificate. The online responder decodes the
validation request and determines whether the certificate is valid. When it determines the status of the
requested certificate, it sends back an encrypted response containing the information to the requester. Using
online responders is much faster and more efficientthan using CRLs. AD CS includes online responders as a
new feature in Windows Server 2008 R2.


Leave a Reply