PrepAway - Latest Free Exam Questions & Answers

You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates

Your company has an Active Directory domain.
All servers run Windows Server.
You deploy a Certification Authority (CA) server.
You create a new global security group named CertIssuers.
You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates.
What should you do?

PrepAway - Latest Free Exam Questions & Answers

A.
Assign the Certificate Manager role to the CertIssuers group

B.
Place CertIssuers group in the Certificate Publisher group

C.
Run the certsrv -add CertIssuers command promt ofthe certificate server

D.
Run the add -member-membertype memberset CertIssuers command by using Microsoft Windows
Powershell

Explanation:
http://technet.microsoft.com/en-us/library/cc779954%28v=ws.10%29.aspx
Role-based administration
Role explanation
Role-based administration involves CA roles, users,and groups. To assign a role to a user or group, you must
assign the role’s corresponding security permissions, group memberships, or user rights to the user orgroup.
These security permissions, group memberships, and user rights are used to distinguish which users have
which roles. The following table describes the CA roles of role-based administration and the groups relevant to
role-based administration.

..
Certificate Manager:
Delete multiple rows in database (bulk deletion)
Issue and approve certificates
Deny certificates
Revoke certificates
Reactivate certificates placed on hold
Renew certificates
Recover archived key
Read CA database
Read CA configuration information


Leave a Reply