Your network contains an Active Directory forest named contoso.com.
Your company works with a partner company that has an Active Directory forest named fabrikam.com.
Both forests contain domain controllers that run only Windows Server 2012 R2.
The certification authority (CA) infrastructure of both companies is configured as shown in the following
table.

You need to recommend a certificate solution that meets the following requirements:
 Server authentication certificates issued from fabrikam.com must be trusted automatically by
the computers in contoso.com.
 The computers in contoso.com must not trust automatically any other type of certificates
issued from the CA hierarchy in fabrikam.com.
What should you include in the recommendation?

A.
Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an
application policy object identifier (OID) of CA Encryption Certificate.

B.
Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an
application policy object identifier (OID) of Microsoft Trust List Signing.

C.
Deploy a Group Policy object (GPO) that defines an enterprise trust. Import a certificate that has an
application policy object identifier (OID) of CA Encryption Certificate.

D.
Deploy a Group Policy object (GPO) that defines intermediate CAs. Import a certificate that has an
application policy object identifier (OID) of Microsoft Trust List Signing.