You have a server named Server1 that has the Active Directory Certificate Services server role
installed. Server1 uses a hardware security module (HSM) to protect the private key of Server1.
You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and
private key are backed up.
You perform regular backups of the HSM module by using a backup utility provided by the HSM
manufacturer.
What else should you do?
A.
Run the certutil.exe command and specify the -backupkey parameter.
B.
Run the certutil.exe command and specify the -backupdb parameter.
C.
Run the certutil.exe command and specify the -backup parameter.
D.
Run the certutil.exe command and specify the -dump parameter.
Explanation:
A)
Backup the Active Directory Certificate Services certificate and private key
B)
Backup the Active Directory Certificate Services database
C)
Backup Active Directory Certificate Services
D)
Dump configuration information or files
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB
http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup
http://technet.microsoft.com/library/cc732443.aspx#BKMK_dump
B.
Run the certutil.exe command and specify the -backupdb parameter.
B is wrong. Option -backupdb does not backup private key. Option -backup does that trick.
I agree with mist74, the answer should be C.
Tested in lab by first running Certificate Authority gui and choosing the Backup CA.. option and selecting the ‘Private key and CA certificate’ and ‘Certificate database and certificate database log’ options. Then from the command line ran certutil -backup and certutil -backupdb and compared the resulting directories from each option, and the -backup produced the same as the gui option.
But do you need to back up the private key as well? The question states that we’re using a 3rd party tool to back up the key.
“What else should you do?” Back up the database and the logs.
backupDB
CertUtil [Options] -backupDB BackupDirectory [Incremental] [KeepLog]
Backup Active Directory Certificate Services database
BackupDirectory: directory to store backed up database files
Incremental: perform incremental backup only (default is full backup)
KeepLog: preserve database log files (default is to truncate log files)
[-f] [-config Machine\CAName]
Answer is B imo.
i dont want to make a comment that might get my certificates revoked!!!
https://technet.microsoft.com/library/cc732443.aspx
-backup
CertUtil [Options] -backup BackupDirectory [Incremental] [KeepLog]
Backup Active Directory Certificate Services
BackupDirectory: directory to store backed up data
Incremental: perform incremental backup only (default is full backup)
KeepLog: preserve database log files (default is to truncate log files)
[-f] [-config Machine\CAName] [-p Password]
Return to Menu
-backupDB
CertUtil [Options] -backupDB BackupDirectory [Incremental] [KeepLog]
Backup Active Directory Certificate Services database
BackupDirectory: directory to store backed up database files
Incremental: perform incremental backup only (default is full backup)
KeepLog: preserve database log files (default is to truncate log files)
[-f] [-config Machine\CAName]
It’s called freedom of speech
agree!
Does nobody read the question? It specifically states that the private key is backed up by the 3rd party software. Since that part is dealt with you just need to backup the DB hence it’s the answer with the -backupdb parameter.
Ironically, you’re the one who didn’t read the question. We need to backup log files as well. C will do that just fine.
I dont see any option able of backing up the log files..
You are all cucks