Your company has an Active Directory domain. All servers run Windows Server.
You deploy a Certification Authority (CA) server.
You create a new global security group named CertIssuers.
You need to ensure that members of the CertIssuers group can issue, approve, and revoke
certificates.
What should you do?

A.
Assign the Certificate Manager role to the CertIssuers group

B.
Place CertIssuers group in the Certificate Publisher group

C.
Run the certsrv -add CertIssuers command promt of the certificate server

D.
Run the add -member-membertype memberset CertIssuers command by using Microsoft
Windows Powershell

Explanation:
http://technet.microsoft.com/en-us/library/cc779954%28v=ws.10%29.aspx
Role-based administration
Role explanation
Role-based administration involves CA roles, users, and groups. To assign a role to a user
or group, you must assign the role’s corresponding security permissions, group
memberships, or user rights to the user or group.
These security permissions, group memberships, and user rights are used to distinguish
which users have which roles. The following table describes the CA roles of role-based
administration and the groups relevant to role-based administration.

Certificate Manager:
Delete multiple rows in database (bulk deletion)
Issue and approve certificates
Deny certificates
Revoke certificates
Reactivate certificates placed on hold
Renew certificates
Recover archived key
Read CA database
Read CA configuration information