Your network contains an Active Directory domain named contoso.com. Contoso.com
contains a member server that runs Windows Server 2008 Standard.
You need to install an enterprise subordinate certification authority (CA) that supports private
key archival.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A.
Initialize the Trusted Platform Module (TPM).
B.
Upgrade the member server to Windows Server 2008 R2 Standard.
C.
Install the Certificate Enrollment Policy Web Service role service on the member server.
D.
Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate
Services – Certification Authority server role template check box.
Explanation:
Not sure about this one. See my thoughts below.
to MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) key archival is
not available in the Windows Server 2008 R2 Standard edition, so that would leave out
answer B.Another dump gives the following for answer B:
“Upgrade the menber [sic] server to Windows Server 2008 R2 Enterprise.”
Should the actual exam mention to upgrade to the Enterprise edition for answer B, I’d go for
that. In this VCE it doesn’t seem to make sense to go for B as it shouldn’t work, I think.
Certificate Enrollment Policy Web Service role of answer C was introduced in Windows
Server 2008 R2, so that would not be an option on the mentioned Windows Server 2008
machine.
Trusted Platform Module is “a secure cryptographic integrated circuit (IC), provides a
hardware-based approach to manage user authentication, network access, data protection
and more that takes security to higher level than software-based security.”
(http://www.trustedcomputinggroup.org/resources/
how_to_use_the_tpm_a_guide_to_hardwarebased_endpoint_security/)
Pfff… I’m bothered that answer B speaks of the Standard edition, and not the Enterprise
edition. Hope the VCE is wrong.