PrepAway - Latest Free Exam Questions & Answers

Which snap-inshould you use?

Your network contains an Active Directory domainnamed adatum.com.
All serversrun Windows Server 2008 R2 Enterprise.
All client computersrun Windows 7 Professional.
The network contains an enterprise certification authority(CA).
You enable key archivalon the CA.
The CA is configured to use custom certificate templatesfor Encrypted File System (EFS) certificates.
All users plan to encrypt files by using EFS.
You need to ensure that the private keys for all new EFS certificates are archived.
Which snap-inshould you use?

PrepAway - Latest Free Exam Questions & Answers

A.
Share and Storage Management

B.
Security Configuration wizard

C.
Enterprise PKI

D.
Active Directory Administrative Center

E.
Certification Authority

F.
Group Policy Management

G.
Certificate Templates

H.
Authorization Manager

I.
Certificates

Explanation:
Practically the same question as G/Q36.
Reference:
http://technet.microsoft.com/en-us/library/cc753826.aspx
Configure a Certificate Template for Key Archival
The key archival process takes place when a certificate is issued. Therefore, a certificate template must be
modified to archive keys before any certificates are issued based on this template.
Key archival is strongly recommended for use with the Basic Encrypting File System (EFS) certificate
templatein order to protect users from data loss, but it can also be useful when applied to other types of
certificates.
To configure a certificate template for key archival and recovery
1. Open the Certificate Templates snap-in.
2. In the details pane, right-click the certificate template that you want to change, and then click Duplicate
Template.
3. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise unless all of your certification
authorities (CAs) and client computers are running Windows Server 2008 R2, Windows Server 2008,
Windows 7, or Windows Vista.
4. In Template, type a new template display name, and then modify any other optional properties as needed.
5. On the Security tab, click Add, type the name of the users or groups you want to issue the certificates to,
and then click OK.
6. Under Group or user names, select the user or group names that you just added. Under Permissions, select
the Read and Enroll check boxes, and if you want toautomatically issue the certificate, also select the
Autoenroll check box.
7. On the Request Handling tab, select the Archive subject’s encryption private key check box.


Leave a Reply