Exam 70-742 topic 1 question 204 discussion

I'm going with CE... I see this in other forum: First, we need to give Group1 permissions to “Issue and Manage Certificates” which is an option in the security tab of the CA’s properties. Thus, answer C. Next, we need to restrict this group to Deny them access to the Administrator’s certificates. For that, we go to the Certificate Managers tab, click on “Restrict Certificate Managers”. At this point, Group1 should be listed. Click on it, then under Permissions, Add the Domain Admins group and click on Deny. Group1 can now no longer Manage and Issue for the Domain Admins group. Thus, answer E. See: https://social.technet.microsoft.com/wiki/contents/articles/10942.ad-cs-security-guidance.aspx

the answer is correct. C. From the CA properties, modify the security settings. E. From the CA properties, modify the Certificate Managers Settings. https://technet.microsoft.com/en-us/library/cc753372.aspx

definitely C + E tested in lab. You edit the security settings of the CA, then you go to cert managers tab and edit the permissions in there.

C AND E

CA Policy Module tab only allows you to choose request handling by clicking Properties or Change the active policy module by clicking select. The Properties button has two options 1) Set the certificate request status to pending. The administrator must explicitly issue the certificate. 2)Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate. (default setting) This does not allow you to choose WHICH certs are only handled by admins, but simply states that all requests must be approved by an admin. Nowhere in the given information does it say that a special certificate template was created with different permissions set up. Therefore, A cannot be correct.

C. From the CA properties, modify the security settings. E. From the CA properties, modify the Certificate Managers Settings.

yes, the given answer is correct

CE is correct. Just checked that in the lab.

i'm going with AE

right answer would be A and E First we need to assign Group1 the Issue and Manage Certificates permission. Second we can restrict certificate managers to certain templates or groups. Restrict Certificate Managers A certificate manager can approve certificate enrollment and revocation requests, issue certificates, and manage certificates. This role can be configured by assigning a user or group the Issue and Manage Certificatespermission. When you assign this permission to a user or group, you can further refine their ability to manage certificates by group and by certificate template. For example, you might want to implement a restriction that they can only approve requests or revoke smart card logon certificates for users in a certain office or organizational unit that is the basis for a security group. This restriction is based on a subset of the certificate templates enabled for the certification authority (CA) and the user groups that have Enroll permissions for that certificate template from that CA

The correct answers are A and C.

C & E are Correct https://www.ntweekly.com/2018/01/08/assign-permissions-manage-certificate-authority-windows-server-2016/

Agree CE

CE is the answer.