Your network contains a serverthat runs Windows Server 2008 R2.
The server is configuredas an enterprise root certification authority (CA).
You have a Web sitethat usesx.509 certificates for authentication.
The Web siteis configuredto use a many-to-one mapping.
You revoke a certificate issued to an external partner.
You need to prevent the external partner from accessingthe Web site.
What should you do?

A.
Run certutil.exe -crl.

B.
Run certutil.exe -delkey.

C.
From Active Directory Users and Computers, modifythe membership of the IIS_IUSRS group.

D.
From Active Directory Users and Computers, modifythe Contact object for the external partner.

Explanation:
http://technet.microsoft.com/library/cc732443.aspx
Certutil
Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe
to dump and display certification authority (CA) configuration information, configure Certificate Services, backup
and restore CA components, and verify certificates,key pairs, and certificate chains.
Verbs
-CRL
Publish new certificate revocation lists (CRLs) [or only delta CRLs]
http://technet.microsoft.com/en-us/library/cc783835%28v=ws.10%29.aspx
Requesting Offline Domain Controller Certificates (Advanced Certificate Enrollment and Management)
If you have determined the keycontainername for a specific certificate, you can delete the key container with the
following command.
certutil.exe -delkey <KeyContainerName>
The -delkey option is supported only with the Windows Server 2003 version of certutil. On Windows 2000, you
must add a prefix to the commands. The prefix is the path you have copied the Windows Server 2003 version
of certutil to. In this white paper, the %HOMEDRIVE%\W2K3AdmPak path is used.