PrepAway - Latest Free Exam Questions & Answers

Which two permissions should you assign to Group1?

Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory
Certificate Services server role installed and is configured to support key archival and recovery.
You create a new Active Directory group named Group1.
You need to ensure that the members of Group1 can request a Key Recovery Agent certificate.
The solution must minimize the permissions assigned to Group1.
Which two permissions should you assign to Group1? (Each correct answer presents part of the
solution. Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
Read

B.
Auto enroll

C.
Write

D.
Enroll

E.
Full control

Explanation:
See step 6 below.
To configure the Key Recovery Agent certificate template
1. Open the Certificate Templates snap-in.
2. In the console tree, right-click the Key Recovery Agent certificate template.
3. Click Duplicate Template.
4. In Template, type a new template display name, and then modify any other optional
properties as needed.
5. On the Security tab, click Add, type the name of the users you want to issue the key
recovery agent certificates to, and then click OK.
6. Under Group or user names, select the user names that you just added. Under Permissions,
select the Read and Enroll check boxes, and then click OK. Identify a Key Recovery Agent


Leave a Reply