A.Import the enterprise root CA certificate.
B.Import the OCSP Response Signing certificate.
C.Add the Server1 computer account to the CertPublishers group.
D.Set the Startup Type of the Certificate Propagation service to Automatic.

A.Renew the Certificate Revocation List （CRL） on the root CA . Copy the CRL to the CertEnroll folder on the issuing C
B.Renew the Certificate Revocation List （CRL） on the issuing CA . Copy the CRL to the SystemCertificates folder in th
C.Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.

A.Implement an Online Certificate Status Protocol （OCSP） responder by using Network Load Balancing.
B.Implement an Online Certificate Status Protocol （OCSP） responder by using an Internet Security and Acceleration S
C.Publish the trusted certificate authorities list to the domain by using a Group Policy Object （GPO）.
D.Create a new Group Policy Object （GPO） that allows users to trust peer certificates. Link the GPO to the domain.

A.From the Active Directory Schema snap-in， create multiple class schema objects.
B.From the ADSI Edit snap-in， create multiple Password Setting objects.
C.From the Security Configuration Wizard， create multiple security policies.
D.From the Group Policy Management snap-in， create multiple Group Policy objects.

A.Install the AD CS server role and configure it as an Enterprise Root CA .
B.Install the AD CS server role and configure it as a Standalone CA .
C.Restrict enrollment agents for the Smartcard logon certificate to the Account Operator group.
D.Restrict certificate managers for the Smartcard logon certificate to the Account Operator group.
E.Create a Smartcard logon certificate.
F.Create an Enrollment Agent certificate.

A.Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
B.Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
C.Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy ob
D.Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

A.Publish the code signing template.
B.Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only admi
C.Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.
D.Modify the security settings on the template to allow only administrators to request code signing certificates.

A.Import the enterprise root CA certificate.
B.Configure the Certificate Revocation List Distribution Point extension.
C.Configure the Authority Information Access （AIA） extension.
D.Add the Server2 computer account to the CertPublishers group.

A.Enable the Restrict Enrollment Agents option on the CA .
B.Enable the Restrict Certificate Managers option on the CA .
C.Add the Basic EFS certificate template for the Account Operators group.
D.Grant the Account Operators group the Manage CA permission on the CA .
E.Remove all unnecessary certificate templates that are assigned to the Account Operators group.

A.Remove the Request Certificates permission from the Domain Users group.
B.Remove the Request Certificates permission from the Authenticated Users group.
C.Assign the Allow - Manage CA permission to only the Security Manager user account.
D.Assign the Allow - Issue and Manage Certificates permission to only the Security Manager user account.

A.Configure auditing in the Certification Authority snap-in.
B.Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv dire
C.Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D.Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services