Active Directory Certificate Authority

I am studying to get the 70-640 certificate. Unfortunately I have difficulties to fully understand the Active Directory Certificate Authority (AD CA - AD CS ) and how it works.
Can someone help me?
Many Thanks
Can someone help me?
Many Thanks
Comments
I know it is not easy to reply but It would be great for me get at least an idea in how it is used for in the real life and how it works in general.... to go further deep
I was looking a particle exam.... I have realised there are a lot of question on CA - CS ....
Many Thanks
Build a lab. Create an offline root Certificate Authoriy (CA) (more complex but you'll learn more) with an enterprise subordinate CA. Attempt to issue user certificates for EFS for your domain users (this will require Data Recovery Agent - again you will learn more) and if you really want to get good with it, do a web server certificate and make your IIS setting set to require SSL.
For theory and lessons on it, technet or the ms press training kit do a great job already. Rest is real experience with a CA.
In 2008/R2, another use would be for certificates of health in network access protection, but I honestly have no idea how much that is used in the real world.