Your network contains an Active Directory domain named contoso.com.
Domain users use smart cards to sign in to their client computer.
Some users report that it takes a long time to sign in to their computer and that the logon attempt times out, so they must restart the sign in process. You discover that the issues to checking the certificate revocation list (CRL) of the smart card certificates.
You need to resolve the issue without diminishing the security of the smart card logons. What should you do?
A. From the properties of the smart card’s certificate template, modify the Request Handling settings.
B. From the properties of the smart card’s certificate template, modify the Issuance Requirements settings.
C. Deactivate certificate revocation checks on the computers.
D. Implement an Online Certification Status Protocol (OCSP) responder.
123given answer D is correct.
The question mentions “resolve the issue without diminishing the security of the smart card logons.” , therefore, answer C is incorrect.
Answer D is the correct approach to eliminate the need to transfer a full copy of CRL to smart card systems.
Answer B and A are totally irrelevant to this question.
Seems legit, only OSCP accepts HTTP..