PrepAway - Latest Free Exam Questions & Answers

You need to ensure that revoked certificate information is highly available

Your company has an Active Directory domain. All servers run Windows Server 2008 R2.
Your company uses an Enterprise Root certificate authority (CA).
You need to ensure that revoked certificate information is highly available.
What should you do?

A.
Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet
Security and Acceleration Server array.

B.
Publish the trusted certificate authorities list to the domain by using a Group Policy Object
(GPO).

C.
Implement an Online Certificate Status Protocol (OCSP) responder by using Network
Load Balancing.

D.
Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link
the GPO to the domain.

Explanation:
Answer: C. Implement an Online Certificate Status Protocol (OCSP) responder by using
Network Load Balancing.

http://technet.microsoft.com/en-us/library/cc731027%28v=ws.10%29.aspx
AD CS: Online Certificate Status Protocol Support
Certificate revocation is a necessary part of the process of managing certificates issued by
certification authorities (CAs). The most common means of communicating certificate status
is by distributing certificate revocation lists (CRLs). In the Windows Server® 2008 operating
system, for public key infrastructures (PKIs) where the use of conventional CRLs is not an
optimal solution, an Online Responder based on the Online Certificate Status Protocol
(OCSP) can be used to manage and distribute revocation status information.
What does OCSP support do?
The use of Online Responders that distribute OCSP responses, along with the use of CRLs,
is one of two common methods for conveying information about the validity of certificates.
Unlike CRLs, which are distributed periodically and contain information about all certificates
that have been revoked or suspended, an Online Responder receives and responds only to
requests from clients for information about the status of a single certificate. The amount of
data retrieved per request remains constant no matter how many revoked certificates there
might be.
In many circumstances, Online Responders can process certificate status requests more
efficiently than by using CRLs.
..
Adding one or more Online Responders can significantly enhance the flexibility and
scalability of an organization’s PKI.
..
Further information:
http://blogs.technet.com/b/askds/archive/2009/08/20/implementing-an-ocsp-responder-partv-highavailability.aspx
Implementing an OCSP Responder: Part V High Availability
There are two major pieces in implementing the High Availability Configuration. The first step
is to add the OCSP Responders to what is called an Array. When OCSP Responders are
configured in an Array, the configuration of the OCSP responders can be easily maintained,
so that all Responders in the Array have the same configuration. The configuration of the
Array Controller is used as the baseline configuration that is then applied to other members
of the Array. The second piece is to load balance the OCSP Responders. Load balancing of
the OCSP responders is what actually provides fault tolerance.
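Because the load balancer hides a failed node, an availability check has to probe every array member directly as well as the load-balanced name. The sketch below is an added example, not code from the referenced articles; the host names, the `check_array` helper and the status-only sample response are constructed assumptions.

```python
import urllib.request

# OCSPResponseStatus values from RFC 6960, section 4.2.1
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def ocsp_status(der: bytes) -> str:
    """Read responseStatus from a DER OCSPResponse (signature is not verified)."""
    if len(der) < 2 or der[0] != 0x30:                    # outer SEQUENCE
        return "not-ocsp"
    i = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)       # skip short/long length
    if der[i:i + 2] != b"\x0a\x01" or len(der) <= i + 2:  # ENUMERATED, 1 byte
        return "not-ocsp"
    return STATUS.get(der[i + 2], "unknown")

def http_post(url: str, request_der: bytes) -> bytes:
    """Default transport: OCSP request sent with HTTP POST."""
    req = urllib.request.Request(
        url, data=request_der, headers={"Content-Type": "application/ocsp-request"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()

def check_array(vip, members, request_der, fetch=http_post):
    """Probe the load-balanced name and each array member on its own URL."""
    report = {}
    for url in [vip, *members]:
        try:
            report[url] = ocsp_status(fetch(url, request_der))
        except OSError:                       # refused, timed out, DNS failure
            report[url] = "unreachable"
    healthy = [m for m in members if report[m] == "successful"]
    # Fault tolerant only while the VIP answers AND a second member can take over.
    report["fault_tolerant"] = report[vip] == "successful" and len(healthy) >= 2
    return report

def demo():
    """Constructed scenario: node 2 is down, yet the VIP still answers."""
    ok = bytes.fromhex("30030a0100")          # constructed status-only response
    def fake_fetch(url, _request):            # stand-in transport, runs offline
        if "ocsp2" in url:
            raise ConnectionRefusedError(url)
        return ok
    return check_array("http://ocsp.example.test/ocsp",      # hypothetical names
                       ["http://ocsp1.example.test/ocsp",
                        "http://ocsp2.example.test/ocsp"],
                       b"\x30\x00", fake_fetch)              # placeholder request

if __name__ == "__main__":
    print(demo())
```

In the constructed scenario clients still get answers through the load-balanced name, but the report flags that the array has lost its redundancy.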

