Your company has an Active Directory domain.
You installan Enterprise Root certification authority (CA)on a member servernamed Server1.
You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied
by Server1.
What should you do?

A.
Remove the Request Certificates permission from the Domain Users group.

B.
Remove the Request Certificated permission from the Authenticated Users group.

C.
Assign the Allow – Manage CA permission to only the Security Manager user Account.

D.
Assign the Allow – Issue and Manage Certificates permission to only the Security Manger user account

Explanation:
Reference:
http://technet.microsoft.com/en-us/library/cc732590.aspx
Implement Role-Based Administration
You can use role-based administration to organize certification authority (CA) administrators into separate,
predefined CA roles, each with its own set of tasks. Roles are assigned by using each user’s security settings.
You assign a role to a user by assigning that user the specific security settings that are associated with the role.
A user that has one type of permission, such as Manage CA permission, can perform specific CA tasks that a
user with another type of permission, such as Issueand Manage Certificates permission, cannot perform.
The following table describes the roles, users, andgroups that can be used to implement role-based
administration.
Roles and groups
Certificate manager
Security permission
Issue and Manage Certificates
Description
Approve certificate enrollment and revocation requests.This is a CA role. This role is sometimes referred
to as CA officer. These permissions are assigned byusing the Certification Authority snap-in.