Your network contains three servers named ADFS1, ADFS2, and ADFS3 that run Windows
Server 2008 R2. ADFS1 has the Active Directory Federation Services (AD FS) Federation
Service role service installed.
You plan to deploy AD FS 2.0 on ADFS2 and ADFS3.

You need to export the token-signing certificate from ADFS1, and then import the certificate
to ADFS2 and ADFS3.
In which format should you export the certificate?

A.
Personal Information Exchange PKCS #12 (.pfx)

B.
DER encoded binary X.509 (.cer)

C.
Cryptographic Message Syntax Standard PKCS #7 (.p7b)

D.
Base-64 encoded X.S09 (.cer)

Explanation:
Reference 1)
http://technet.microsoft.com/en-us/library/ff678038.aspx
Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0
If the AD FS 1.x Federation Service has a token-signing certificate that was issued by a
trusted certification authority (CA) and you want to reuse it, you will have to export it from AD
FS 1.x.
[The site provides also a link for instructions on how to export the token-signing certificate.
That link point to the site mentioned in reference 2.]
Reference 2)
http://technet.microsoft.com/en-us/library/cc784075.aspx
Export the private key portion of a token-signing certificate
To export the private key of a token-signing certificate
Click Start, point to Administrative Tools, and then click Active Directory Federation
Services.
Right-click Federation Service, and then click Properties.
On the General tab, click View.
In the Certificate dialog box, click the Details tab.
On the Details tab, click Copy to File.
On the Welcome to the Certificate Export Wizard page, click Next.
On the Export Private Key page, select Yes, export the private key, and then click Next.
On the Export File Format page, select Personal Information Exchange = PKCS #12 (.PFX),
and then click Next.
(…)