You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The company's network is connected to the Internet through a T1 line. The firewall is configured on the network for securing the internal network from the intruders on the Internet. The functional level of the forest is Windows Server 2008. You are designing a public key infrastructure (PKI) for the network. The network will use a root enterprise certificate authority (CA) and a subordinate CA. The root CA will be used to issue certificates to the subordinate CA, and the subordinate CA will be used to issue certificates to the clients.

The management of the company wants to ensure that the security of high-level CAs is not compromised. Which of the following steps will you take to accomplish the task?