You are a network administrator for a company named Humongous Insurance. Humongous
Insurance has an Active Directory forest that contains two domains. You install the Active
Directory Rights Management Services server role on a server named ADRMS1. The Active
Directory Rights Management Services (AD RMS) server uses an internal certification
authority (CA) for all certificates. You plan to provide users with the ability to use AD RMS to
protect all of the email messages sent to a partner company named Contoso, Ltd. Contoso
does not have AD RMS deployed. You need to identify which components from the
Humongous Insurance network must be accessible to Contoso to ensure that the users at
Contoso can open protected messages. Which two components should you identify? (Each
correct answer presents part of the solution. Choose two.)
A.
The Mailbox servers
B.
The Active Directory domain controllers
C.
The certificate revocation list (CRL)
D.
The Client Access servers
E.
The Global Catalog servers
F.
The AD RMS cluster
B&C
0
0
Now I’m thinking C&F.
0
0
Lets ask the question this way: Who in their right mind would make a DC accessible from the internet?
Your second answer…
0
0
A sounds like a stupid choice.
B doesn’t sound correct.
Don’t think D is correct either because the Federation server / Federation proxy should be the ‘stopping point’ and that can contact the GC/DC instead of letting a partner company contact DC / GC directly.
C is definitely correct
I am not sure between E and F
0
0
B and C will work.
@edward, you are right, not a preferred solution, you can restrict this by if firewall rule for a particulair ip-address and uses of a VPN.
0
0
C: The CRL is exactly what its name implies: a list of subscribers paired with digital certificate
status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates
of certificate issue, and the entities that issued them, are also included. In addition, each list
contains a proposed date for the next release. When a potential user attempts to access a server,
the server allows or denies access based on the CRL entry for that particular user.
B: If federation cannot be implemented and the external organization cannot implement their own
AD RMS infrastructure, hosting the user accounts can be the best option.
However, the cost of managing such accounts (for both the IT department and each user) must
be considered. In this case, the users will need to be authenticated by a domain controller.
0
0
I would go with B and C , B can be made available via VPN client
0
0