You have a server named Server1 that has the ActiveDirectory Certificate Services server role installed.
Server1 uses a hardware security module (HSM) to protect the private key of Server1.
You need to ensure that the Active Directory Certificate Services (AD CS) database, log files, and private key
are backed up.
You perform regular backups of the HSM module by using a backup utility provided by the HSM manufacturer.
What else should you do?
A.
Run the certutil.exe command and specify the -backupkey parameter.
B.
Run the certutil.exe command and specify the -backupdb parameter.
C.
Run the certutil.exe command and specify the -backup parameter.
D.
Run the certutil.exe command and specify the -dump parameter.
Explanation:
http://technet.microsoft.com/library/cc732443.aspx
http://technet.microsoft.com/library/cc732443.aspx#BKMK_backupDB
Log files and private key are included in the backup utility from the HSM manufacturer, so only the database is neccesary.
-backupDB Backup the Active Directory Certificate Services database
Agree
backupDB
CertUtil [Options] -backupDB BackupDirectory [Incremental] [KeepLog]
Backup Active Directory Certificate Services database
BackupDirectory: directory to store backed up database files
Incremental: perform incremental backup only (default is full backup)
KeepLog: preserve database log files (default is to truncate log files)
[-f] [-config Machine\CAName]