DRAG DROP
Your network contains an Active Directory domain named adatum.com. The domain
contains three servers. The servers are configured as shown in the following table.
Server1 is configured as shown in the exhibit. (Click the Exhibit button.)
Template1 contains custom cryptography settings that are required by the corporate security team.
On Server2, an administrator successfully installs a certificate based on Template1.
The administrator reports that Template1 is not listed in the Certificate Enrollment wizard on
Server3, even after selecting the Show all templates check box.
You need to ensure that you can install a server authentication certificate on Server3. The
certificate must comply with the cryptography requirements.
Which three actions should you perform in sequence?
To answer, move the appropriate three actions from the list of actions to the answer area
and arrange them in the correct order.
Answer: See the explanation.
Explanation:
Box 1:Box 2:
Box 3:
Note:
Duplicate an existing template, modify the Compatibility Settings (to Windows Server 2008),
and modify the Request Handling settings.
Box 3 shouldn’t be “New Certificate Template to issue”?
I agree it should had been New Cert. Temp. to issue
@ mina do you have additional info. I am finding the current answer correct
You already duplicated a template from template1 which means you have a template so no need to create a new one.And as server3 is a Windows Server 2008 R2 which means you have to modify request Handling setting.
correct ans plzzz tell me????
Lazy bones – do some research. It’s good for your brain.
I see almost on every other question Hassan is begging for an answer.lol.
I wonder how he passed 410 & 411
BOX 3 should be “New Certificate Template to Issue”
http://social.technet.microsoft.com/wiki/contents/articles/15897.certificate-templates-not-available-for-windows-7-and-windows-server-2008-r2-certificate-recipients-using-certificate-enrollment-web-services.aspx
Nas,
You already modified the compatibility settings of the template by tab 2.
The above answer is correct. No need to issue the template. only configure the settings.
http://technet.microsoft.com/en-us/library/cc725621(v=ws.10).aspx
all the other admins can see the the template except the admin of server 2008. this means the cert is incompatible with server 2008.
Box 3 should be issue new cert temp issue because the configuration of the previous template was duplicated. that includes crypto method. in order to see the template you have to issue it and make available. if you dont the the template is just template that sits but no one can access.
see cbt nuggets 70-412 vid manage cert topic for details…
the reason why the answer above could be correct is if it has to due with cert template version. which would make sense
2008 is version 3 versus 2012 is version 4
https://technet.microsoft.com/library/cc725838.aspx
If you duplicate a w2012 template, a Compatibility tab is automatically displayed. You don’t need to select a version as with creating a new template.
http://social.technet.microsoft.com/wiki/contents/articles/13303.windows-server-2012-certificate-template-versions-and-options.aspx
I agree
Watch CBT nuggets
I think the answer is correct because the question says template must comply with cryptography requirements. The cryptography requirements are configured on the Request Handling settings tab.
If you don’t add to issue, template will be unavailable.
So you Duplicate the template, modify its settings, and then what? It’s just sitting in the Cert Templates console, unable to be issued. It has to show up in Certificate Authority > Certificate Templates in order to be issued, and the only way to get there is to Issue a New Cert from Template.
Also, the Request Handling tab sets the cryptographic requirements for the certificate. As the question states the certificate must comply with the cryptographic requirements, you should not touch these. Issuance Requirements also do not need to be altered. Policy Module also pertains to the cryptographic information in the certificate, so you leave this alone.
This leaves us with:
1. Duplicate Template
2. Modify Compatibility
3. New > Certificate Template to Issue
Billy is right
Answer is correct:
1 Duplicate
2 Modify Compatability
3 Renew with same key on the REQUEST HANDLING tab 🙂
Compatiblity 2008 R2 mode:
Tab Template Option Previously Configured?
Request Handling Renew with the same key No
Renew with the same key box grayed out, uncheckable
Windows Server 2012 introduces the option to Renew with the same key on the Request Handling tab of the certificate template properties.
(http://social.technet.microsoft.com/wiki/contents/articles/13303.windows-server-2012-certificate-template-versions-and-options.aspx)
Answer is correct
The answer is not correct. Although your statement is correct, you have misunderstood what it means.
Server 2012 DOES introduce the option to renew with the same key. However, if you set the compatibility mode to any OS previous to Server 2012, the option to renew with the same key is grayed out (see here, from my lab):
http://imgur.com/uSowpZb
http://imgur.com/IhP3e7O
So the answer is indeed:
Duplicate certificate
Change compatibility
Issue a new certificate
Thanks, you are correct, from the link by Jo.
The Compatibility tab helps to configure the options that are available in the certificate template. The options available in the certificate template properties change depending upon the operating system versions that are selected for the certification authority (CA) and certificate recipient. For example, if the configured CA is Windows Server 2008 R2 and the configured certificate recipient is Windows 7 / Server 2008 R2, the option to Renew with the same key would be unavailable.
answeer ive found on most sites is
compatibility
issuance
req handling
is this coreect.?
I agree with Billy and everyone with same answer. when a certificate template is duplicated then need to be issued otherwise you even can not use it 🙂 we only can duplicate a template not a a ISSUED template…so after duplicating you have to issue it.
Question’s said “Template 1 contain custom cryptography setting” and it seems we need to change it back for new one again but not! why? because when you duplicate a Template all the Cryptography settings ( in Request Handling and Cryptography tabs ) will be copied in new certificate so no need to touch it again 🙂
correct answer:
1- Duplicate
2- Modify Compatibility
3- Issue new
I agree that it should be:
duplicate template
modify compatibility settings
issue new template to use
Without issuing the template it still can’t be used, unless you (to my understanding) tick renew with the same key) which is greyed out when you change the compatibility settings to 2008 R2
Did a check in LAB
1- Duplicate
2- Modify Compatibility
– Didn’t any cjange to Request Handling
3- Issue new Certificate
Sorry I posted without finish the message. I was saying…
1- Duplicate Computer Certificate
2- Didn’t any change in Compatibility
Didn’t any change to Request Handling
3- Issue new Certificate
New certificate Windows 2008 non enlisted in Certificate enrollment Wizard
Did a check in LAB
1- Duplicate Computer Certificate
2- Modify Compatibility to 2008
Didn’t any change to Request Handling
3- Issue new Certificate
New certificate Windows 2008 NOW IS Enlisted in Certificate enrollment Wizard
About the part related to Criptography, during de modification of the copy of the template there is a dedicated tab related to this, so in this case the full correct
answer must be:
1- Duplicate Computer Certificate
2- Modify Compatibility to 2008
3- Change Cryptography
4- Issue new Certificate
but in the list option 3 is not present, so:
1- Duplicate Computer Certificate
2- Modify Compatibility to 2008
4- Issue new Certificate
Did this myself in my test environment and the given answer is correct.
Care to explain why? What did you change in Request Handling?
And how did you enroll the certificate without issuing in from CA?
1- Duplicate Certificate
2- Modify Compatibility to 2008
3- Issue new Certificate
Also, if you duplicate base template, modify COMPATIBILITY to:
CA:2012R2 and Cer.recipient:Win8.1/WinServ2012R2,
and APPLY those settings, you CAN’T lower compatibility settings lower than:
CA:WinSer2012 and Cer.recipient:Win8/WinServ2012.
So, there’s no way to use existing template to make it available to WinServ2008R2, unless you do DUPLICATE TEMPLATE of that or any other template, suitable for your needs.
Those saying that REQUEST HANDLING should me modified, I’d like them to explain what setting should me modified so template appear as a choice on Windows Server2008/2008R2.
BTW, tested in lab all settings, answer is like I stated above.
Answer is obviously
1. Duplicate the template
2. Compatibility settings
3. Issue the new template so that it is available on the client side
If you duplicate a template, you must issue it so that it is listed in the certificate enrollment wizard. If you dont do that it doesnot become a solution as the admin in server 3 will still not be able to see the required certificate template which is the main issue to begin with.