You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits.

You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.

Which console should you use?

You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment.

You need to ensure that the certificate template is available on the Web enrollment pages.

What should you do?

You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module.

You need to back up Active Directory Certificate Services on the CA.

Which command should you run?

You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents.

You need to ensure that all of the recovery agent certificates can be used to recover all new private keys.

What should you do?

You have an enterprise subordinate certification authority (CA). You have a group named Group1.

You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates.

What should you do?

Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled.

You need to install an enterprise subordinate CA on the server.

What should you use to log on to the new server?

You install a standalone root certification authority (CA) on a server named Server1.

You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store.

Which command should you run on Server1?

You have an enterprise root certification authority (CA) that runs Windows Server 2008 R2.

You need to ensure that you can recover the private key of a certificate issued to a Web server.

What should you do?

You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2.

You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA.

Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)

Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2.

You need to ensure users are able to enroll new certificates.

What should you do?