You are an Active Directory administrator for Contoso, Ltd. You have a properly configured
certification authority (CA) in the contoso.com Active Directory Domain Services (AD DS) domain.
Contoso employees authenticate to the VPN by using a user certificate issued by the CA.
Contoso acquires a company named Litware, Inc., and establishes a forest trust between
contoso.com and litwareinc.com. No CA currently exists in the litwareinc.com AD DS domain. Litware
employees do not have user accounts in contoso.com and will continue to use their litwareinc.com
user accounts.
Litware employees must be able to access Contoso’s VPN and must authenticate by using a user
certificate that is issued by Contoso’s CA.
You need to configure cross-forest certificate enrollment for Litware users.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Grant the litwareinc.com AD DS Domain Computers group permissions to enroll for the VPN template on the Contoso CA.
B. Copy the VPN certificate template from contoso.com to litwareinc.com.
C. Add Contoso’s root CA certificate as a trusted root certificate to the Trusted Root Certification Authority in litware.com.
D. Configure clients in litwareinc.com to use a Certificate Policy server URI that contains the location of Contoso’s CA.