PrepAway - Latest Free Exam Questions & Answers

Which snap-in should you use?

Your network contains an enterprise certification authority (CA) that runs Windows Server 2008 R2
Enterprise.
You enable key archival on the CA.
The CAis configuredto use custom certificate templatesfor Encrypted File System (EFS) certificates.
You need to archive the private key for all new EFS certificates.
Which snap-in should you use?

PrepAway - Latest Free Exam Questions & Answers

A.
Active Directory Users and Computers

B.
Authorization Manager

C.
Group Policy Management

D.
Enterprise PKI

E.
Security Templates

F.
TPM Management

G.
Certificates

H.
Certification Authority

I.
Certificate Templates

Explanation:
Practically the same question as J/Q27.
Reference:
http://technet.microsoft.com/en-us/library/cc753826.aspx
Configure a Certificate Template for Key Archival
The key archival process takes place when a certificate is issued. Therefore, a certificate template must be
modified to archive keys before any certificates are issued based on this template.
Key archival is strongly recommended for use with the Basic Encrypting File System (EFS) certificate
templatein order to protect users from data loss, but it can also be useful when applied to other types of
certificates.
To configure a certificate template for key archival and recovery
1. Open the Certificate Templates snap-in.
2. In the details pane, right-click the certificate template that you want to change, and then click Duplicate
Template.
3. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise unless all of your certification
authorities (CAs) and client computers are running Windows Server 2008 R2, Windows Server 2008,
Windows 7, or Windows Vista.
4. In Template, type a new template display name, and then modify any other optional properties as needed.
5. On the Security tab, click Add, type the name of the users or groups you want to issue the certificates to,
and then click OK.
6. Under Group or user names, select the user or group names that you just added. Under Permissions, select
the Read and Enroll check boxes, and if you want toautomatically issue the certificate, also select the
Autoenroll check box.
7. On the Request Handling tab, select the Archive subject’s encryption private key check box.


Leave a Reply