What should you recommend?

Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You deploy Active Directory Rights Management Services (AD RMS) on the network.
You provide several users on the network with the ability to protect content by using AD RMS.
You need to recommend a solution to provide the members of a group named Audit with the ability to read and modify all of the AD RMS-protected
content.
What should you recommend?

Your network contains an Active Directory domain named contoso.com.
The network has an Active Directory Certificate Services (AD CS) infrastructure.
You deploy Active Directory Rights Management Services (AD RMS) on the network.
You provide several users on the network with the ability to protect content by using AD RMS.
You need to recommend a solution to provide the members of a group named Audit with the ability to read and modify all of the AD RMS-protected
content.
What should you recommend?

A.
Issue a CEP Encryption certificate to the members of the Audit group.

B.
Issue a key recovery agent certificate to the members of the Audit group.

C.
Add the Audit group as a member of the super users group.

D.
Add the Audit group as a member of the Domain Admins group.

Explanation:
A – Not Applicable.
B – Not Applicable – KRA allows allows a user to decrypt users’ archived private keys, but not to retrieve them from the database.
C – Correct – Super Users Group in AD RMS can Decrypt AD RMS-Protected Content, and modify it.
D – Not Applicable – You don;t just go around handing out Admin Rights to people for any small reason!

http://technet.microsoft.com/en-us/library/ee424431.aspx



Leave a Reply 0

Your email address will not be published. Required fields are marked *