Exam MS-203 topic 3 question 23 discussion

If you're configuring a hybrid deployment in an organization that has Exchange servers deployed in multiple Active Directory forests, you must use a separate third-party CA certificate for each Active Directory forest.

Answer should be B. A separate certificate is required for each Active Directory forest. The linked documentation also mentions this.

If you're configuring a hybrid deployment in an organization that has Exchange servers deployed in multiple Active Directory forests, you must use a separate third-party CA certificate for each Active Directory forest. https://learn.microsoft.com/en-us/exchange/certificate-requirements

2 Certificates!

"For a multi-forest hybrid deployment, a single digital certificate can't be used for multiple Active Directory forests. Each forest must use a dedicated CA-issued certificate for secure mail transport to function correctly in a hybrid deployment. The certificate used for hybrid deployment features for each forest in a multi-forest organization must differ in at least one of the following properties..." https://docs.microsoft.com/en-us/exchange/hybrid-deployment/hybrid-with-multiple-forests

A separate certificate is required for each Active Directory forest.

ON exam - 4/18/2022 All 3 case studies were also on exam

If you're configuring a hybrid deployment in an organization that has Exchange servers deployed in multiple Active Directory forests, you must use a separate third-party CA certificate for each Active Directory forest.

The question is saying 3rd party certificate u can use self signed certificate for one of the domains not recommended but it works so answer is correct

If you're configuring a hybrid deployment in an organization that has Exchange servers deployed in multiple Active Directory forests, you must use a separate third-party CA certificate for each Active Directory forest.

If you're configuring a hybrid deployment in an organization that has Exchange servers deployed in multiple Active Directory forests, you must use a separate third-party CA certificate for each Active Directory forest.

I thought 2 certificates too. Then You can have a single SSL certificate with multiple SANs (both domains specified). So Answer is you only need 1 SSL certificate.

Third-party certificate for each server: Using a dedicated certificate for each server that hosts services allows you to configure the certificate specifically for the services on that server. If you need to replace the certificate or renew it, you only need to replace it on the server where the services are installed. Other servers aren't impacted. https://docs.microsoft.com/en-us/exchange/certificate-requirements

"If you're configuring a hybrid deployment in an organization that has Exchange servers deployed in multiple Active Directory forests, you must use a separate third-party CA certificate for each Active Directory forest. When Exchange Edge Transport servers are deployed in an on-premises organization, this certificate must also be installed on all Edge Transport servers. Each Edge transport server must use a certificate that shares the same issuing CA and the same subject for hybrid secure mail to function correctly." Correct answer is B.