Which three actions should you perform in sequence?

DRAG DROP
Your network contains an Active Directory domain named adatum.com. The domain
contains three servers. The servers are configured as shown in the following table.

Server1 is configured as shown in the exhibit. (Click the Exhibit button.)

Template1 contains custom cryptography settings that are required by the corporate security
team.
On Server2, an administrator successfully installs a certificate based on Template1.
The administrator reports that Template1 is not listed in the Certificate Enrollment wizard on
Server3, even after selecting the Show all templates check box.
You need to ensure that you can install a server authentication certificate on Server3. The
certificate must comply with the cryptography requirements.
Which three actions should you perform in sequence?
To answer, move the appropriate three actions from the list of actions to the answer area
and arrange them in the correct order.

DRAG DROP
Your network contains an Active Directory domain named adatum.com. The domain
contains three servers. The servers are configured as shown in the following table.

Server1 is configured as shown in the exhibit. (Click the Exhibit button.)

Template1 contains custom cryptography settings that are required by the corporate security
team.
On Server2, an administrator successfully installs a certificate based on Template1.
The administrator reports that Template1 is not listed in the Certificate Enrollment wizard on
Server3, even after selecting the Show all templates check box.
You need to ensure that you can install a server authentication certificate on Server3. The
certificate must comply with the cryptography requirements.
Which three actions should you perform in sequence?
To answer, move the appropriate three actions from the list of actions to the answer area
and arrange them in the correct order.

Answer: See the explanation

Explanation:
Box 1:

Box 2:

Box 3:

Note:
Duplicate an existing template, modify the Compatibility Settings (to Windows Server 2008),
and modify the Request Handling settings.

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

Akoachi

Akoachi

First box is correct. By duplicating Template1, you get a new template with all the custom cryptography settings necessary.

Second box is correct. If a 2012R2 sees the certificate and a 2008R2 does not, then you need to change that in the compatibility tab.

Third box is wrong. It should be “From…click Certificate Template to Issue”.
If you don’t, the admin in Server3 won’t be able to see the certificate while enrolling.
And the Request Handling does not have any settings relating to the question.

Reply

The answers from V.2 without the arguments.

The answers from V.2 without the arguments.

1. From Certificate Templates, click Duplicate Template.
2. From Certificate Templates, modify the Compatibility settings of the template.
3. From Certification Authority, click New, and then click Certificate Template to Issue.

Reply

David

David

agree with Akoachi

actual order should be
– Duplicate the certificate template
– Modify Compatibility to 2008
– Change Cryptography
– Issue new Certificate.

Since the 3rd option is not in the options to choose from so we should replace the 3rd box with Issuance of certificate

Reply

Micro

Micro

Agree! Some sites propose different answers, but to explain a bit further:

ANSWER:
1- Duplicate Certificate
2- Modify Compatibility to 2008
3- Issue new Certificate

Also, if you duplicate base template, modify COMPATIBILITY to:

CA:2012R2 and Cer.recipient:Win8.1/WinServ2012R2,

and APPLY those settings, you CAN’T lower compatibility settings lower than:

CA:WinSer2012 and Cer.recipient:Win8/WinServ2012.

So, there’s no way to use existing template to make it available to WinServ2008R2, unless you do DUPLICATE TEMPLATE of that or any other template, suitable for your needs.

Reply