You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database

seenagapeJuly 3, 2015

Your network contains a single Active Directory domain. The domain contains an enterprise
certification authority (CA).
You need to ensure that the encryption keys for e-mail certificates can be recovered from the
CA database.
You modify the e-mail certificate template to support key archival.
What should you do next?

PrepAway - Latest Free Exam Questions & Answers

A.
Issue the key recovery agent certificate template.

B.
Run certutil.exe -recoverkey.

C.
Run certreq.exe-policy.

D.
Modify the location of the Authority Information Access (AIA) distribution point.

Explanation:
http://technet.microsoft.com/en-us/library/cc770588.aspx
Identify a Key Recovery Agent
A key recovery agent is a person who is authorized to recover a certificate on behalf of an
end user. Because the role of key recovery agents can involve sensitive data, only highly
trusted individuals should be assigned to this role.
To identify a key recovery agent, you must configure the Key Recovery Agent certificate
template to allow the person assigned to this role to enroll for a key recovery agent
certificate.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

Microsoft Exam Questions

Free Microsoft Study Guide

You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database

Leave a Reply Cancel reply