Which certificate should you identify?

Your network contains an Active Directory domain named contoso.com. Your company has an enterprise root certification authority (CA) named CA1. You plan to deploy Active Directory Federation Services (AD FS) to a server named Server1. The company purchases a Microsoft Office 365 subscription. You plan to register the company’s SMTP domain for Office 365 and to configure single sign-on for all users. You need to identify which certificate is required for the planned deployment.

Which certificate should you identify?
A . a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name serverl.contoso.com
B . a self-signed server authentication certificate for server1.contoso.com
C . a server authentication certificate that is issued by a trusted third-party root CA and that contains the subject name Server1
D . a server authentication certificate that is issued by CA1 and that contains the subject name Server1

View Answer

Answer: A

Explanation:

Prepare Your Server and Install ADFS

You can install ADFS on a domain controller or another server. You’ll first need to configure a few prerequisites. The following steps assume you’re installing to Windows Server 2008 R2.

Using Server Manager, install the IIS role and the Microsoft .NET Framework. Then purchase and install a server-authentication certificate from a public certificate authority. Make sure you match the certificate’s subject name with the Fully Qualified Domain Name of the server. Launch IIS Manager and import that certificate to the default Web site.

Reference: Geek of All Trades: Office 365 SSO: A Simplified Installation Guide

https://technet.microsoft.com/en-us/magazine/jj631606.aspx