Home » Microsoft » 70-534 v.2 » What are two possible ways to achieve this goal?
Your company has recently signed up for Azure. You plan to register a Data Protection Manager (DPM) serve with the Azure Backup service. You need to recommend a method for registering the DPM server with the Azure Backup vault.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. Import a self-signed certificate created using the makecert tool.
B. Import a self-signed certificate created using the createcert tool.
C. Import an X.509 v3 certificate with valid clientauthentication EKU.
D. Import an X.509 v3 certificate with valid serverauthentication EKU.
Correct Answer: AC
Explanation/Reference:
Explanation:
The certificate used for the backup vault in Azure must fulfill the following prerequisites:
• You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by
Microsoft, whose root certificates are distributed via the Microsoft Root Certificate Program.
• The certificate should be an x.509 v3 certificate.
• The certificate must have a valid ClientAuthentication EKU.
• To upload to the certificate to the vault, you must export it as a .cer format file that contains the public key.
• The key length should be at least 2048 bits.
• The certificate should be currently valid with a validity period that does not exceed 3 years.
• The certificate should reside in the Personal certificate store of your Local Computer.
• The private key should be included during installation of the certificate.
References: https://blogs.technet.microsoft.com/hybridcloud/2014/03/16/using-azure-backup-with-dpm/