PrepAway - Latest Free Exam Questions & Answers

What else should you do?

You have a server named Server1 that has the Active Directory Certificate Services server role installed.
Server1 uses a hardware security module (HSM) to protect the private key of Server1.
You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private key
are backed up.
You perform regular backups of the HSM module by using a backup utility provided by the HSM manufacturer.
What else should you do?


A.
Run the certutil.exe command and specify the -backupkey parameter.

B.
Run the certutil.exe command and specify the -backupdb parameter.

C.
Run the certutil.exe command and specify the -backup parameter.

D.
Run the certutil.exe command and specify the -dump parameter.

Explanation:
A:
Backup the Active Directory Certificate Services certificate and private key
B:
Backup the Active Directory Certificate Services database
C:
Backup Active Directory Certificate Services
D:
Dump configuration information or files

http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup
http://technet.microsoft.com/library/cc732443.aspx#BKMK_dump

2 Comments on “What else should you do?”

  1. biglock says:

    BS gotcha question by Microsoft.

    The default of both -backup and -backupdb is to truncate log files, so you must specify the keeplog parameter in both options. In this scenario, it is stated that the private key is being backed up by the HSM manufacturer’s software, so our private key is taken care of. The difference between -backup and -backupdb is that -backup includes the private key; both options will back up the database and the log files.

    The big question really is, will the -backup command allow us to back up the private key if it is stored in the HSM? If it does, is there even a point if it is already being backed up? This being Microsoft, I will guess NO, and go with the answer being certutil -backupdb (answer B). I don’t see why they would mention the last line of the private key already being backed up if -backup was the correct answer.

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_backupDB



