DRAG DROP
Your network contains an Active Directory domain named contoso.com.
You have a server named Server1 that is configured as an enterprise root certification
authority (CA).
You need to ensure that private keys can be archived on Server1.
Which three actions should you perform in sequence? (To answer, move the appropriate
three actions from the list of actions to the answer area and arrange them in the correct
order.)
Answer: See the explanation
Explanation:
Box 1:
Box 2:
Box 3:Note:
This topic includes requirements and procedures for implementing key archival using Active
Directory Certificate Services (AD CS) and the Windows Server 2008 operating system.
Review and complete each of the following sections to implement key archival:
* (step 1) Configuring a key recovery agent certificate template
* (Step 1) Adding a key recovery agent certificate template to an enterprise CA
* (Step 2) Enrolling key recovery agents
/ Enrolling key recovery agents
/Issuing a key recovery agent certificate
* Configuring a CA for key archival and recovery
/ Adding key recovery agent certificates to a CA
/ (step 3) Configuring certificate templates for key archival
Certificate templates can be individually configured to require key archival. Your
organization’s security or data recovery policies should specify criteria to determine which
certificate templates can be configured for key archival.
This procedure should be completed on an enterprise CA.
1. Start the Certificate Templates snap-in.
2. Right-click a certificate template, and then click Properties.3. On the Request Handling tab, click Archive subject’s encryption private key, and then
click OK.Implementing Key Archival