You have an enterprise subordinate certification authority (CA) configured for key archival.
Three key recovery agent certificates are issued. The CA is configured to use two recovery
agents.
You need to ensure that all of the recovery agent certificates can be used to recover all new
private keys.
What should you do?

You have an enterprise subordinate certification authority (CA). The CA is configured to use
a hardware security module.
You need to back up Active Directory Certificate Services on the CA.
Which command should you run?

You have Active Directory Certificate Services (AD CS) deployed.

You create a custom certificate template.
You need to ensure that all of the users in the domain automatically enroll for a certificate
based on the custom certificate template.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)

You have an enterprise subordinate certification authority (CA).
You have a custom Version 3 certificate template.
Users can enroll for certificates based on the custom certificate template by using the
Certificates console. The certificate template is unavailable for Web enrollment.
You need to ensure that the certificate template is available on the Web enrollment pages.
What should you do?

You have an enterprise subordinate certification authority (CA).
You have a custom certificate template that has a key length of 1,024 bits. The template is
enabled for autoenrollment.
You increase the template key length to 2,048 bits.
You need to ensure that all current certificate holders automatically enroll for a certificate
that uses the new template.
Which console should you use?

Your network contains an Active Directory forest. All domain controllers run Windows Server
2008 Standard.
The functional level of the domain is Windows Server 2003.
You have a certification authority (CA).
The relevant servers in the domain are configured as shown below:

You need to ensure that you can install the Active Directory Certificate Services (AD CS)
Certificate Enrollment Web Service on the network.
What should you do?

You have a domain controller that runs the DHCP service.
You need to perform an offline defragmentation of the Active Directory database on the
domain controller.
You must achieve this goal without affecting the availability of the DHCP service.
What should you do?

Your network contains two Active Directory forests named contoso.com and nwtraders.com.
A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is
configured to use selective authentication.
Contoso.com contains a server named Server1. Server1 contains a shared folder named
Marketing.
Nwtraders.com contains a global group named G_Marketing. The Change share permission
and the Modify NTFS permission for the Marketing folder are assigned to the G_Marketing
group. Members of G_Marketing report that they cannot access the Marketing folder.
You need to ensure that the G_Marketing members can access the folder from the network.
What should you do?

Your network contains an Active Directory forest.
You need to add a new user principal name (UPN) suffix to the forest.
Which tool should you use?

Your network contains an Active Directory domain. The domain contains two sites named
Site1 and Site2. Site 1 contains five domain controllers. Site2 contains one read-only domain
controller (RODC). Site1 and Site2 connect to each other by using a slow WAN link.
You discover that the cached password for a user named User1 is compromised on the
RODC.
On a domain controller in Site1, you change the password for User1.
You need to replicate the new password for User1 to the RODC immediately. The solution
must not replicate other objects to the RODC.

Which tool should you use?