ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-412 All Questions

View all questions & answers for the 70-412 exam
Go to Exam

Exam 70-412 topic 3 question 124 discussion

Actual exam question from Microsoft's 70-412
Question #: 124
Topic #: 3
[All 70-412 Questions]

You have an enterprise certification authority (CA) named CA1.
You configure a recovery agent for CA1.
On CA1, you create a new certificate template named CertTemplate1, and then you configure CA1 to allow certificates to be requested based on CertTemplate1.
You need to ensure that new certificates issued based on CertTemplate1 can be recovered.
What should you do?

  • A. From the Certificate Templates console, modify the Issuance Requirements settings of CertTemplate1.
  • B. From the Certification Authority console, modify the enrollment agents of CA1.
  • C. From the Certificate Templates console, modify the Request Handling settings of CertTemplate1.
  • D. From the Certification Authority console, modify the certificate managers of CA1.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
The key archival process takes place when a certificate is issued. Therefore, a certificate template must be modified to archive keys before any certificates are issued based on this template.
See step 7 below.
To configure a certificate template for key archival and recovery
1. Open the Certificate Templates snap-in.
2. In the details pane, right-click the certificate template that you want to change, and then click Duplicate Template.
3. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise unless all of your certification authorities (CAs) and client computers are running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.
4. In Template, type a new template display name, and then modify any other optional properties as needed.
5. On the Security tab, click Add, type the name of the users or groups you want to issue the certificates to, and then click OK.
6. Under Group or user names, select the user or group names that you just added. Under Permissions, select the Read and Enroll check boxes, and if you want to automatically issue the certificate, also select the Autoenroll check box.
7. On the Request Handling tab, select the Archive subject's encryption private key check box.
8. If users already have EFS certificates that are not configured for key archival and recovery, click the Superseded Templates tab, click Add, and then click the name of the template that you want to replace.
9. Click OK.
Reference: Configure a Certificate Template for Key Archival https://technet.microsoft.com/en-us/library/cc753826.aspx
by Rezerestibeiro27 at Nov. 6, 2020, 8:21 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NerdAlert
4 years, 5 months ago
No, C is correct. You set up key archival/recovery in the Request Handling tab. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee449464(v=ws.10)?redirectedfrom=MSDN#BKMK_ConfigTemplatesForArchival
upvoted 2 times
...
Rezerestibeiro27
4 years, 7 months ago
A is the answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel