Your network contains an Active Directory domain named adatum.com. The domain contains a server
named CA1 that runs Windows Server 2012 R2. CA1 has the Active Directory Certificate Services server
role installed and is configured to support key archival and recovery.
You need to ensure that a user named User1 can decrypt private keys archived in the Active Directory
Certificate Services (AD CS) database. The solution must prevent User1 from retrieving the private keys
from the AD CS database.
What should you do?
A.
Assign User1 the Issue and Manage Certificates permission to CA1.
B.
Assign User1 the Read permission and the Write permission to all certificate templates.
C.
Provide User1 with access to a Key Recovery Agent certificate and a private key.
D.
Assign User1 the Manage CA permission to CA1.
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/7573.active-directory-certificate-servicespki-keyarchival-and-management.aspx#Protecting_Key_Recovery_Agent_Keys
Hi! All! Merry X’mas!!!
Passed 70-417 exam last week! Maybe the best gift for my Christmas!! haha~~~
Score of my 70-417 test:
70-410 : 900 (total 20q in this section)
70-411 : 890 (total 20q in this section)
70-412 : 885 (total 18q in this section)
Only few new questions in the whole 70-417 test, and they were mainly appeared in the ADFS section of 70-412.
And, pay attention to these Qs:
1. Question about exporting printers from a 2008 R2 to a 2012 R2
2. Question about which command you need to transfer the global catalog/schema role
3. Question about how to change the UPN suffix on all user accounts in a domain
4. Question about the IPAM method to switch from auto to manual install
The valid 70-417 dumps that I learned:
http://www.passleader.com/70-417.html
(611q VCE and PDF)
All new questions were from it, and wrong answers have been corrected, the most valid 70-417 dumps until now!
P.S. Download part of that 611q 70-417 dumps for free here:
https://doc.co/QB11rj
Good Luck!