Home » Microsoft » 70-640 » What should you do?
You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role installed.
You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL).
What should you do?
A. Install and configure an Online Responder.
B. Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.
C. Install and configure an additional domain controller.
D. Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
Correct Answer: A
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc725958.aspx
What Is an Online Responder?
An Online Responder is a trusted server that receives and responds to individual client requests for information about the status of a certificate.
The use of Online Responders is one of two common methods for conveying information about the validity of certificates. Unlike certificate revocation lists (CRLs), which are distributed periodically and contain information about all certificates that have been revoked or suspended, an Online Responder receives and responds only to individual requests from clients for information about the status of a certificate. The amount of data retrieved per request remains constant no matter how many revoked certificates there might be.
In many circumstances, Online Responders can process certificate status requests more efficiently than by using CRLs.