ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-742 All Questions

View all questions & answers for the 70-742 exam
Go to Exam

Exam 70-742 topic 1 question 207 discussion

Actual exam question from Microsoft's 70-742
Question #: 207
Topic #: 1
[All 70-742 Questions]

You deploy a new certification authority (CA) to a server that runs Windows Server 2016.
You need to configure the CA to support recovery of certificates.
What should you do first?

  • A. Assign the Request Certificates permission to the user account that will be responsible for recovering certificates.
  • B. Configure the Key Recovery Agent template as a certificate template to issue.
  • C. Modify the Recovery Agents settings from the properties of the CA.
  • D. Modify the extension of the OCSP Response Signing template.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
References:
http://markgossa.blogspot.co.uk/2017/03/enable-key-archival-in-server-2012-r2.html
by coleman at Dec. 21, 2019, 3:33 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
coleman
Highly Voted 5 years, 8 months ago
answer B is correct
upvoted 9 times
coleman
5 years, 8 months ago
To configure your environment for key archival of Encrypting File System (EFS) certificates 1) Create a key recovery agent account or designate an existing user to serve as the key recovery agent. 2) Configure the key recovery agent certificate template and enroll the key recovery agent for a key recovery agent certificate. 3) Register the new key recovery agent with the CA.
upvoted 10 times
coleman
5 years, 8 months ago
4)Configure a certificate template, such as Basic EFS, for key archival, and enroll users for the new certificate. If users already have EFS certificates, ensure that the new certificate will supersede the certificate that does not include key archival. For information, see Configure a Certificate Template for Key Archival. 5) Enroll users for encryption certificates based on the new certificate template. Users are not protected by key archival until they have enrolled for a certificate that has key recovery enabled. If they have identical certificates that were issued before key recovery was enabled, data encrypted with these certificates is not covered by key archival. Answer A and D are irrelevant to this question. Moreover, you must first configure the KRA template and issue a KRA certificate to a selected user account, who serve as key recovery agent before you can configure the CA to be assigned with a KRA, so, answer B is correct.
upvoted 5 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel