PrepAway - Latest Free Exam Questions & Answers

You enable key archival on the C

Your network contains an enterprise certification authority (CA) that runs Windows Server
2008 R2 Enterprise.
You enable key archival on the C

PrepAway - Latest Free Exam Questions & Answers

A.
The CA is configured to use custom certificate templates for Encrypted File System (EFS)
certificates.
You need to archive the private key for all new EFS certificates.
Which snap-in should you use?
Active Directory Users and Computers

A.
The CA is configured to use custom certificate templates for Encrypted File System (EFS)
certificates.
You need to archive the private key for all new EFS certificates.
Which snap-in should you use?
Active Directory Users and Computers

B.
Authorization Manager

C.
Group Policy Management

D.
Enterprise PKI

E.
Security Templates

F.
TPM Management

G.
Certificates

H.
Certification Authority

I.
Certificate Templates

Explanation:
http://technet.microsoft.com/en-us/library/cc753826.aspx
Configure a Certificate Template for Key Archival

The key archival process takes place when a certificate is issued. Therefore, a certificate
template must be modified to archive keys before any certificates are issued based on this
template.
Key archival is strongly recommended for use with the Basic Encrypting File System (EFS)
certificate template in order to protect users from data loss, but it can also be useful when
applied to other types of certificates.
To configure a certificate template for key archival and recovery
1. Open the Certificate Templates snap-in.
2. In the details pane, right-click the certificate template that you want to change, and then
click Duplicate Template.
3. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise unless all of
your certification authorities (CAs) and client computers are running Windows Server 2008
R2, Windows Server 2008, Windows 7, or Windows Vista.
4. In Template, type a new template display name, and then modify any other optional
properties as needed.
5. On the Security tab, click Add, type the name of the users or groups you want to issue the
certificates to, and then click OK.
6. Under Group or user names, select the user or group names that you just added. Under
Permissions, select the Read and Enroll check boxes, and if you want to automatically issue
the certificate, also select the Autoenroll check box.
7. On the Request Handling tab, select the Archive subject’s encryption private key check
box.
Original explanation:
http://technet.microsoft.com/en-us/library/cc730721
Original explanation:
http://technet.microsoft.com/en-us/library/cc730721


Leave a Reply