Home » Microsoft » 70-640 » What do you need to do next?
You are the network administrator for your organization.
Your company uses a Windows Server 2008 R2 Enterprise Root CA.
The company has issued a new policy that prevents port 443 and port 80 from being opened on domain controllers and on issuing CAs.
Your users need to request certificates from a web interface. You have already installed the AD CS role.
What do you need to do next?
A. Configure the Certificate Authority Web Enrollment Service on a member server.
B. Configure the Certificate Authority Web Enrollment Service on a domain server.
C. Configure AD FS on member server to allow secure web-based access.
D. Configure AD FS on domain controller to allow secure web-based access.
Correct Answer: A
Explanation/Reference:
Basically the same as A/Q41:
http://technet.microsoft.com/en-us/library/dd759209.aspx
Certificate Enrollment Web Service Overview
The Certificate Enrollment Web Service is an Active Directory Certificate Services (AD CS) role service that enables users and computers to perform certificate enrollment by using the HTTPS protocol. Together with the Certificate Enrollment Policy Web Service, this enables policy-based certificate enrollment when the client computer is not a member of a domain or when a domain member is not connected to the domain.
Personal note:
since domain controllers are off-limits (regarding open ports), you are left to install the Certificate Enrollment Web Service role service on a plain member server
