PrepAway - Latest Free Exam Questions & Answers

How should you configure the certificate request?

DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2.
You plan to install the Active Directory Federation Services server role on Server1 to allow for
Workplace Join.
You run nslookup enterpriseregistration and you receive the following results:

You need to create a certificate request for Server1 to support the Active Directory Federation
Services (AD FS) installation.
How should you configure the certificate request? To answer, drag the appropriate names to the
correct locations. Each name may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.

Answer:

Explanation:
Example:
Install a server SSL certificate
You must install a server Secure Socket Layer (SSL) certificate on the ADFS1 server in the local
computer store. The certificate MUST have the following attributes:
Subject Name (CN): adfs1.contoso.com
Subject Alternative Name (DNS): adfs1.contoso.com
Subject Alternative Name (DNS): enterpriseregistration.contoso.com

Reference: Set up the lab environment for AD FS in Windows Server 2012 R2
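
A request carrying the attributes listed above can be produced with certreq. The following PowerShell is an added example, not part of the original explanation or of the referenced lab guide; the file paths, key length, provider and the exportable-key setting are assumptions.

```powershell
# Added example: build a certreq policy file for the AD FS SSL certificate.
# The names come from the explanation above; everything else is an assumption.
$SubjectCN = 'adfs1.contoso.com'
$DnsNames  = @('adfs1.contoso.com', 'enterpriseregistration.contoso.com')

# TLS clients match the host name against the SAN list when one is present,
# so the subject CN must also appear as a SAN entry.
if ($DnsNames -notcontains $SubjectCN) { $DnsNames = @($SubjectCN) + $DnsNames }

# One _continue_ line per SAN; all entries except the last end with '&'.
$sanLines = for ($i = 0; $i -lt $DnsNames.Count; $i++) {
    $sep = if ($i -lt $DnsNames.Count - 1) { '&' } else { '' }
    '_continue_ = "dns={0}{1}"' -f $DnsNames[$i], $sep
}

$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$SubjectCN"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
$($sanLines -join "`r`n")
"@

$infPath = Join-Path $env:TEMP 'adfs1-request.inf'   # assumed working paths
$reqPath = Join-Path $env:TEMP 'adfs1-request.req'
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Create the key pair in the local computer store and write the PKCS#10 request.
certreq.exe -new $infPath $reqPath
# Confirm both DNS names are in the request before submitting it to the CA.
certutil.exe -dump $reqPath | Select-String 'DNS Name='
```

Run it from an elevated prompt, since MachineKeySet places the key in the local computer store.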

6 Comments on “How should you configure the certificate request?”

  1. Luis says:

    Whether you are obtaining a new SSL certificate from a third party or from an enterprise certification authority (CA), ensure the certificate has subject alternative name entries of type DNS for each of the following:
    Your federation service name, such as fs.contoso.com (or an appropriate wildcard entry such as *.contoso.com)
    If you are using AD FS with Device Registration Service (DRS), add an additional SAN of type DNS for each UPN suffix in use in your environment, for example enterpriseregistration.contoso.com.
    It’s recommended that you mark the private key as exportable so that the same certificate can be deployed across each federation server and web application proxy within your AD FS farm. Note that the certificate must be publicly trusted (chain to a publicly trusted root CA).




  2. renek says:

    I would say:
    CN: adfs1.contoso.com
    SAN:
    server1.contoso.com
    enterpriseregistration.contoso.com

    It makes no sense to use adfs1.contoso.com twice in the CN field and again as SAN.




  3. Khozi says:

    By default, the first SAN is the CN when you create an SSL certificate. So if you choose adfs1.contoso.com as the CN, by default the first SAN is the DNS adfs1.contoso.com.
    So the answer is correct.



