Which certificates should you identify?

You have a Microsoft Exchange Server 2019 organization named contoso.com and an Exchange Online tenant.

You plan to implement a hybrid deployment.

You have the certificates shown in the following table.

You need to identify which certificates can be assigned in the Microsoft Office 365 Exchange Hybrid Configuration wizard.

Which certificates should you identify?
A . Cert4 and Cert5 only
B . Cert2 and Cert3 only
C . Cert1 only
D . Cert3 and Cert5 only
E . Cert2 and Cert4 only
F . Cert2, Cert3, Cert4, and Cert5 only

View Answer

Answer: D

Explanation:

For the hybrid deployment with the Exchange Hybrid Configuration wizard, the best practice is to use certificates that are issued by a public certification authority (CA). Additionally, the certificates should have the required subject names for the hybrid deployment, typically including the domain and autodiscover subdomain.

Based on the table:

Cert1 is self-signed, so it’s not ideal for a hybrid setup.

Cert2 is from an internal CA and uses a wildcard (*), which can technically work but isn’t recommended for hybrid deployments.

Cert3 is from an internal CA and has both contoso.com and autodiscover.contoso.com, which are required names.

Cert4 is from a public CA with a wildcard (*), and while wildcards from a public CA can be used, they’re not best practice for hybrid deployments.

Cert5 is from a public CA and has both contoso.com and autodiscover.contoso.com, which are the required names.