Your network contains an Active Directory domain named contoso.com. The network has an Active
Directory Certificate Services (AD CS) infrastructure.
You deploy Active Directory Rights Management Services (AD RMS) on the network. You provide several
users on the network with the ability to protect content by using AD RMS.
You need to recommend a solution to provide the members of a group named Audit with the ability to
read and modify all of the AD RMS-protected content.
What should you recommend?
A.
Issue a CEP Encryption certificate to the members of the Audit group.
B.
Issue a key recovery agent certificate to the members of the Audit group.
C.
Add the Audit group as a member of the super users group.
D.
Add the Audit group as a member of the Domain Admins group.
http://technet.microsoft.com/en-us/library/ee424431.aspx
C?