Microsoft Exam Questions

Which two permissions should you assign to Group1?

Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Active Directory Certificate Services server role installed and is configured to support key
archival and recovery.
You create a new Active Directory group named Group1.
You need to ensure that the members of Group1 can request a Key Recovery Agent
certificate. The solution must minimize the permissions assigned to Group1.
Which two permissions should you assign to Group1? (Each correct answer presents part of
the solution. Choose two.)

A.
Read

B.
Auto enroll

C.
Write

D.
Enroll

E.
Full control

Explanation:
* In Template, type a new template display name, and then modify any other optional
properties as needed.
On the Security tab, click Add, type the name of the users you want to issue the key
recovery agent certificates to, and then click OK.
Under Group or user names, select the user names that you just added. Under Permissions,
select the Read and Enroll check boxes, and then click OK.