You have an enterprise subordinate certification authority (CA).
You have a group named Group1.
You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not
be allowed to revoke certificates.
What should you do?

You have an enterprise subordinate certification authority (CA) configured for key archival. Three keyrecovery
agent certificates are issued. The CA is configuredto use two recovery agents.
You need to ensure that all of the recovery agent certificates can be used to recover all new private keys.
What should you do?

You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware
security module.
You need to back up Active Directory Certificate Services on the CA.
Which command should you run?

You have Active Directory Certificate Services (AD CS) deployed.
You create a custom certificate template.
You need to ensure that all of the users in the domain automatically enroll for a certificate based onthe custom
certificate template.
Which two actions should you perform? (Each correctanswer presents part of the solution. Choose two.)

You have an enterprise subordinate certification authority (CA).
You have a custom Version 3 certificate template.
Users can enroll for certificates based on the custom certificate template by using the Certificates console. The
certificate template is unavailable for Web enrollment.
You need to ensure that the certificate template isavailable on the Web enrollment pages.
What should you do?

You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has
a key length of 1,024 bits. The template is enabledfor autoenrollment.
You increase the template key length to 2,048 bits.
You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new
template.
Which console should you use?

Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard.
The functional level of the domain is Windows Server 2003. You have a certification authority (CA).
The relevant servers in the domain are configured as shown below:

You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment
Web Service on the network.
What should you do?

You have a domain controller that runs the DHCP service.
You need to perform an offline defragmentation of the Active Directory database on the domain controller.
You must achieve this goal without affecting the availability of the DHCP service.
What should you do?

Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest
trust exists between contoso.com and nwtraders.com.The forest trust is configured to use selective
authentication.
Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing.
Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify
NTFS permission for the Marketing folder are assigned to the G_Marketing group. Members of G_Marketing
report that they cannot access the Marketing folder.
You need to ensure that the G_Marketing members canaccess the folder from the network.
What should you do?

Your network contains an Active Directory forest.
You need to add a new user principal name (UPN) suffix to the forest.
Which tool should you use?