Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member
server that runs Windows Server 2008 Standard.
You need to install an enterprise subordinate certification authority (CA) that supports private key archival. You
must achieve this goal by using the minimum amount of administrative effort.
What should you do first?

A.
Initialize the Trusted Platform Module (TPM).

B.
Upgrade the member server to Windows Server 2008 R2 Standard.

C.
Install the Certificate Enrollment Policy Web Service role service on the member server.

D.
Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services -Certification Authority server role template check box.

Explanation:
Not sure about this one. See my thoughts below.
________________________________________________________________________________
According to MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) key archival isnot
available in the Windows Server 2008 R2 Standardedition, so that would leave out answer B.
Another dump gives the following for answer B:
“Upgrade the menber [sic] server to Windows Server 2008 R2 Enterprise.”
Should the actual exam mention to upgrade to the Enterprise edition for answer B, I’d go for that. In this VCE it
doesn’t seem to make sense to go for B as it shouldn’t work, I think.
Certificate Enrollment Policy Web Service role of answer C was introduced in Windows Server 2008 R2, so that
would not be an option on the mentioned Windows Server 2008 machine.
Trusted Platform Module is “a secure cryptographic integrated circuit (IC), provides a hardware-based
approach to manage user authentication, network access, data protection and more that takes security to
higher level than software-based security.”
(http://www.trustedcomputinggroup.org/resources/
how_to_use_the_tpm_a_guide_to_hardwarebased_endpoint_security/)
Pfff… I’m bothered that answer B speaks of the Standard edition, and not the Enterprise edition. Hope the VCE
is wrong.