HOTSPOT
You need to configure the single sign-on environment for Contoso.
Which certificate type and DNS entry should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
The token-signing certificate must contain a private key that chains to a trusted root in the FS. AD FS creates a self-signed certificate by default.
It is recommend that the self-signed token-signing certificate generated by AD FS is used.
Microsoft best practices recommends that you use the host name, STS (secure token service). ie. sts.domain.com.
Explanation:
https://www.digicert.com/csr-creation-microsoft-office-365.htm
https://support.office.com/en-us/article/Plan-for-third-party-SSL-certificates-for-Office-365-b48cdf63-07e0-4cda-8c12-4871590f59ce?ui=en-US&rs=en-US&ad=US