Explanation/Reference:
Explanation:
A Datum identifies the following security requirements:
An offline root certification authority (CA) must be configured

Client computers must be issued certificates by a server in their local office

Changes to the CA configuration settings and the CA security settings must be logged

Client computers must be able to renew certificates automatically over the Internet

The number of permissions and privileges assigned to users must be minimized whenever possible

Users from a group named Group1 must be able to create new instances of App1 in the private cloud

Client computers must be issued new certificates when the computers are connected to the local network only

The virtual machines used to host App2 must use BitLocker Drive Encryption (BitLocker)

Users from Trey Research must be able to access App2 by using their credentials from treyresearch.com
The company is developing an application named App1. App1 is a multi-tier application that will be sold as a service to customers. Each instance of App1 is comprised of the following three tiers:
A web front end

A middle tier that uses Windows Communication Foundation (WCF)

A Microsoft SQL Server 2008 R2 database on the back end
Each tier will be hosted on one or more virtual machines. Multiple tiers cannot coexist on the same virtual machine.
When customers purchase App1, they can select from one of the following service levels:
Standard: Uses a single instance of each virtual machine required by App1. If a virtual machine becomes unresponsive, the virtual machine must be restarted.

Enterprise: Uses multiple instances of each virtual machine required by App1 to provide high availability and fault tolerance.
All virtual hard disk (VHD) files for App1 will be stored in a file share. The VHDs must be available if a server fails.
You plan to deploy an application named App2. App2 is comprised of the following two tiers:
A web front end

A dedicated SQL Server 2008 R2 database on the back end
App2 will be hosted on a set of virtual machines in a Hyper-V cluster in the Miami office. The virtual machines will use dynamic IP addresses.
A copy of the App2 virtual machines will be maintained in the Seattle office.
App2 will be used by users from a partner company named Trey Research. Trey Research has a single Active Directory domain named treyresearch.com. Treyresearch.com contains a server that has the Active Directory Federation Services server role and all of the Active Directory Federation Services (AD FS) role services installed.
Every federation server in an Active Directory Federation Services (AD FS) 2.0 farm must have access to the private key of the server authentication certificate. If you are implementing a server farm of federation servers or Web servers, you must have a single authentication certificate. This certificate must be issued by an enterprise certification authority (CA), and it must have an exportable private key. The private key of the server authentication certificate must be exportable so that it can be made available to all the servers in the farm.
This same concept is true of federation server proxy farms in the sense that all federation server proxies in a farm must share the private key portion of the same server authentication certificate.
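One way to audit the requirement above across a farm, as an added example (not from the original page or from Microsoft's documentation): it checks that every node holds the same server authentication certificate together with its private key. The node names and certificate CN are placeholders, and PowerShell remoting to each node is assumed.

```powershell
# Added example. Node names and the certificate CN are placeholders (assumptions).
$FarmNodes = 'adfs1.example.test', 'adfs2.example.test'
$SubjectCN = 'sts.example.test'
function Get-ServerAuthCertInfo {
    param([string]$SubjectCN)
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "CN=$SubjectCN*" } |
        ForEach-Object {
            $cert = $_
            $hasServerAuth = $false
            foreach ($ext in $cert.Extensions) {
                if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                    foreach ($oid in $ext.EnhancedKeyUsages) {
                        if ($oid.Value -eq $serverAuthOid) { $hasServerAuth = $true }
                    }
                }
            }
            # Exportability is only readable for CryptoAPI (CSP) keys; CNG keys stay 'unknown'.
            $exportable = 'unknown'
            try {
                $key = $cert.PrivateKey
                if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                    $exportable = $key.CspKeyContainerInfo.Exportable
                }
            } catch { }
            New-Object PSObject -Property @{
                Node          = $env:COMPUTERNAME
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                Exportable    = $exportable
                ServerAuthEku = $hasServerAuth
                NotAfter      = $cert.NotAfter
            }
        }
}

# Run the same check on every farm node (requires PowerShell remoting).
$results = @(Invoke-Command -ComputerName $FarmNodes `
    -ScriptBlock ${function:Get-ServerAuthCertInfo} -ArgumentList $SubjectCN)
$results | Sort-Object Node |
    Format-Table Node, Thumbprint, HasPrivateKey, Exportable, ServerAuthEku, NotAfter -AutoSize
$seen        = @($results | ForEach-Object { $_.PSComputerName })
$missing     = @($FarmNodes | Where-Object { $seen -notcontains $_ })
$thumbprints = @($results | Select-Object -ExpandProperty Thumbprint -Unique)
if ($missing.Count -gt 0)     { Write-Warning "No matching certificate on: $($missing -join ', ')" }
if ($thumbprints.Count -gt 1) { Write-Warning "Farm nodes hold different certificates: $($thumbprints -join ', ')" }
$results | Where-Object { -not $_.HasPrivateKey } |
    ForEach-Object { Write-Warning "$($_.Node): certificate present but private key missing" }
```

A healthy farm shows one thumbprint on every node with HasPrivateKey set to True; any warning means a node cannot use the shared server authentication certificate.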
References: http://technet.microsoft.com/en-us/library/dd807097(v=ws.10).aspx