Your network contains an Active Directory domain. The domain contains an enterprise certification
authority (CA) named Server1 and a server named Server2. On Server2, you deploy Network Policy
Server (NPS) and you configure a Network Access Protection (NAP) enforcement policy for IPSec.
From the Health Registration Authority snap-in on Server2, you set the lifetime of health certificates
to four hours. You discover that the validity period of the health certificates issued to client
computers is one year. You need to ensure that the health certificates are only valid for four hours.
What should you do?

A.
Modify the Request Handling settings of the certificate template used for the health certificates.

B.
Modify the Issuance Requirements settings of the certificate template used for the health
certificates.

C.
On Server1, run certutil.exe -setreg policy\editflags +editf_attributeenddate.

D.
On Server1, run certutil.exe Csetregdbflags +dbflags_enablevolatilerequests.