You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database

seenagapeOctober 12, 2013

Your network contains a single Active Directory domain.
The domain contains an enterprise certification authority (CA).
You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA
database.
You modify the e-mail certificate template to support key archival.
What should you do next?

PrepAway - Latest Free Exam Questions & Answers

A.
Issue the key recovery agent certificate template.

B.
Run certutil.exe -recoverkey.

C.
Run certreq.exe-policy.

D.
Modify the location of the Authority Information Access (AIA) distribution point.

Explanation:
Reference:
http://technet.microsoft.com/en-us/library/cc770588.aspx
Identify a Key Recovery Agent
A key recovery agent is a person who is authorized to recover a certificate on behalf of an end user. Because
the role of key recovery agents can involve sensitive data, only highly trusted individuals should be assigned to
this role.
To identify a key recovery agent, you must configure the Key Recovery Agent certificate templateto allow the
person assigned to this role to enroll for a key recovery agent certificate.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

Microsoft Exam Questions

Free Microsoft Study Guide

You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database

Leave a Reply Cancel reply