Your network consists of one Active Directory domain that contains two servers named Server1 and Server2 that run Windows Server 2008. Server1 runs Active Directory Certificate Services (AD CS) and is configured as an enterprise root certification authority (CA).
Server1 is only accessible from the internal network.
Server1 issues certificates to both internal and external client computers that run Windows Vista.
Server2 is configured as a Web server. Server2 is located in the perimeter network and is only accessible through HTTP.
The network is configured as shown in the following diagram:
You need to recommend an e-mail security solution for all Windows Vista client computers that meets the following requirements:
- Users must only request status information for individual certificates.
- Users must be notified when they attempt to send a secure e-mail message to a user that has an expired certificate.
What should you recommend?
A. Configure a root CA on Server2.
B. Configure a subordinate CA on Server2.
C. Configure the Online Responder service on Server2.
D. Configure a certification revocation list (CRL) distribution point on Server2.
