ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-742 All Questions

View all questions & answers for the 70-742 exam
Go to Exam

Exam 70-742 topic 1 question 202 discussion

Actual exam question from Microsoft's 70-742
Question #: 202
Topic #: 1
[All 70-742 Questions]

Your network contains an Active Directory domain named contoso.com. Domain users use smart cards to sign in to their client computer.
Some users report that it takes a long time to sign in to their computer and that the logon attempt times out, so they must restart the sign in process. You discover that the issues to checking the certificate revocation list (CRL) of the smart card certificates.
You need to resolve the issue without diminishing the security of the smart card logons.
What should you do?

  • A. From the properties of the smart card's certificate template, modify the Request Handling settings.
  • B. From the properties of the smart card's certificate template, modify the Issuance Requirements settings.
  • C. Deactivate certificate revocation checks on the computers.
  • D. Implement an Online Certification Status Protocol (OCSP) responder.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by paprda at Aug. 5, 2019, 8:52 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
coleman
Highly Voted 5 years, 6 months ago
the answer is correct The question mentions "resolve the issue without diminishing the security of the smart card logons." , therefore, answer C is incorrect. Answer A is the correct approach to eliminate the need to transfer a full copy of CRL to smart card systems. Answer A and B are totally irrelevant to this question.
upvoted 6 times
hkhk
4 years, 9 months ago
coleman Thanks for your justification. Just to remind all, the Answer is D (A is a typo).
upvoted 2 times
...
...
yesboet
Most Recent 4 years, 7 months ago
D is correct
upvoted 2 times
...
Kamikazekiller
4 years, 11 months ago
D. Implement an Online Certification Status Protocol (OCSP) responder.
upvoted 4 times
...
vkv1975
5 years, 1 month ago
HI coleman, DID YOU SAY D IS THE CORRECT ANSWER, I RECKON YOU HAD A TYPO AND WRITTEN A IS THE ANSWER.
upvoted 3 times
GoldenFox
4 years, 5 months ago
Yes. D.
upvoted 1 times
...
...
lbs
5 years, 1 month ago
Answer is correct.
upvoted 2 times
...
paprda
5 years, 10 months ago
yes https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc700843(v=technet.10)
upvoted 3 times
GenjamBhai
4 years, 10 months ago
D is correct. OCSP is alternate way to check cert's revocation status using OSCP Responder instead of CDP. Removing CRL check is diminishing security. Online Certificate Status Protocol (OCSP). A protocol that allows real-time validation of a certificate's status by having the CryptoAPI make a call to an OCSP responder and the OCSP responder providing an immediate validation of the revocation status for the presented certificate. Typically, the OCSP responder uses CRLs for retrieving certificate status information. https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc700843(v=technet.10)
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel