You have an Active Directory Rights Management Services (AD RMS) cluster.
You need to prevent users from encrypting new content. The solution must ensure that the users
can continue to decrypt content that was encrypted already.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)

A. From the Active Directory Rights Management Services console, enable decommissioning.
B. From the Active Directory Rights Management Services console, create a user exclusion policy.
C. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\licensing.
D. Modify the NTFS permissions of %systemdrive%\inetpub\wwwroot\_wmcs\decommission.
E. From the Active Directory Rights Management Services console, modify the rights policy templates.
Explanation:
* Decommissioning refers to the entire process of removing the AD RMS cluster and its associated
databases from an organization. This process allows you to save rights-protected files as ordinary
files before you remove AD RMS from your infrastructure so that you do not lose access to these
files.
Decommissioning an AD RMS cluster is achieved by doing the following:
/ Enable the decommissioning service. (A)
/ Modify permissions on the decommissioning pipeline.
/ Configure the AD RMS-enabled application to use the decommissioning pipeline.
* To modify the permissions on the decommissioning pipeline
1. Log on to ADRMS-SRV as cpandl\administrator.
2. Click Start, type %systemdrive%\inetpub\wwwroot\_wmcs in the Start Search box, and then press
ENTER.
3. Right-click the decommission folder, and then click Properties.
4. Click the Security tab, click Edit, and then click Add. (D)
Etc.
Step 1: Decommission AD RMS Root Cluster
I am going with B and E.
“Before you remove the Active Directory Rights Management Services (AD RMS) role from a server, you should first decommission AD RMS. When you decommission AD RMS, the behavior of the AD RMS cluster is changed such that it can now provide a key that decrypts the rights-protected content that it had previously published. This key allows the content to be saved without AD RMS protection. This can be useful if you have decided to stop using AD RMS protection in your organization, or still need the information.”
– How does this possibly achieve the desired outcome ?????
Exclusion policies apply to only new certs or licensing requests. Therefore you can prevent users from encrypting new content and ensure that the users can continue to decrypt content that was encrypted already.
0
1
It seems like overkill.
0
0
I’m just wondering….
If there is so much debate about this specific question and both the combinations of A+D and B+E seem to be right, could it be possible that whichever combination you give at your exam will be counted as a correct answer?
Who really knows the correct answers and the reasoning and mindset behind all of Microsoft’s questions and answers sometimes, right?
0
0
Remember kids: nothing is impossible!… but it’s not very likely 😉
In this case, after digging for like an hour and a half, it seems that the decommissioning is the right approach.
http://www.aiotestking.com/microsoft/which-two-actions-should-you-perform-596/
0
0
The reasoning behind this is: the exclusion policy would prevent users from accessing entities, which stops them from decrypting already encrypted stuff. I know that a lot of folks are trippin balls over the prospect of decommissioning a working environment, but apparently this is the only answer combination that matches the question entirely.
0
0