Exam 70-742 topic 1 question 217 discussion

Actual exam question from Microsoft's 70-742

Question #: 217
Topic #: 1

You have a certification authority (CA) named CA1. You create a certificate template named Template1 that has the following configurations:
✑ Minimum key size: 2048
✑ Cryptographic provider: Microsoft Strong Cryptographic Provider
✑ Compatibility Settings - Certification Authority: Windows Server 2012 R2
✑ Compatibility Settings - Certificate recipient: Windows 8.1 / Windows Server 2012 R2
You plan to configure Template1 to require that computers requesting certificates based on Template1 must have a TPM-protected private key.
You need to modify Template1 to ensure that you can configure the Key Attestation settings.
What should you change?

A. Compatibility Settings ג€" Certification Authority to Windows Server 2016
B. Compatibility Settings ג€" Certificate recipient to Windows 10 / Windows Server 2016
C. Cryptographic provider to Microsoft Platform Crypto Provider
D. Minimum key size to 4096

Show Suggested Answer

Suggested Answer: C 🗳️
References:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation

by manjonei at Jan. 19, 2020, 12:42 p.m.

Comments

Submit Cancel

manjonei

5 years, 5 months ago

The ansewer is correct. See the header "Deployment details" from the given link

upvoted 4 times

STFN2019

4 years, 8 months ago

yep: TPM key attestation for third-party smart card KSPs is not supported. Microsoft Platform Crypto Provider KSP must be used.

upvoted 3 times

...