You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003. You are planning a public key infrastructure (PKI). The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years.
The validity period of a Basic EFS certificate is one year. In the Certificates Templates console, you attempt to change the validity period for the Basic EFS certificate template.
However, the console does not allow you to change the value. You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files.
What should you do?
A.
Install an enterprise certification authority (CA) in each domain.
B.
Instruct users to connect to the certification authority (CA) Web enrollment pages to request a Basic EFS certificate.
C.
Create a duplicate of the Basic EFS certificate template. Enable the new template for issuing certificate authorities.
D.
Assign the Domain Admins group the Allow – Full Control permission for the Basic EFS certificate template.
Explanation:
The question states that the validity period of the Basic EFS certificate is one year. This suggests that we are using a standalone CA (the default validity period for an enterprise CA is two years). We cannot change the validity period of the Basic EFS template, but we can however, make a copy of the Basic EFS template. This would enable us to make changes to the copy of the template.