HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory
Certificate Services server role installed and configured.
For all users, you are deploying smart cards for logon. You are using an enrollment agent to enroll
the smart card certificates for the users.
You need to configure the Contoso Smartcard Logon certificate template to support the use of the
enrollment agent.
Which setting should you modify? To answer, select the appropriate setting in the answer area.
Answer: 
Explanation:
<map><m x1=”46″ x2=”414″ y1=”257″ y2=”296″ ss=”0″ a=”0″ /></map>/ In application policy drop-down list select Certificate Request Agent.
/ The Issuance Requirements Tab
* Application policy. This option specifies the application policy that must be included in the signing
certificate used to sign the certificate request. It is enabled when Policy type required in signature is
set to either Application policy or Both application and issuance policy.
Administering Certificate Templates
http://technet.microsoft.com/en-us/library/cc725621(v=WS.10).aspx
https://cloudidentityblog.com/2014/06/01/smart-card-enrollment/
Based on this tutorial, it should be:
Click on Issuance Requirements tab. Enable checkbox “This number of authorized signatures:” Make sure it requires only one (“1”) signature.
– already done
Under Policy type required in signature select: Application Policy
– done
Under Application Policy select: Certificate Request Agent
– Next Step (answer)
4
0