Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Server 2008 Standard.
You need to install an enterprise subordinate certification authority (CA) that supports private key archival.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Initialize the Trusted Platform Module (TPM).
B. Upgrade the member server to Windows Server 2008 R2 Standard.
C. Install the Certificate Enrollment Policy Web Service role service on the member server.
D. Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services – Certification Authority server role template check box.
Correct Answer: B
Explanation/Reference:
Not sure about this one. See my thoughts below.
According to MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012), key archival is not available in the Windows Server 2008 R2 Standard edition, so that would leave out answer B.
Another dump gives the following for answer B:
"Upgrade the menber [sic] server to Windows Server 2008 R2 Enterprise."
Should the actual exam mention to upgrade to the Enterprise edition for answer B, I’d go for that. In this VCE it doesn’t seem to make sense to go for B as it shouldn’t work, I think.
The Certificate Enrollment Policy Web Service role of answer C was introduced in Windows Server 2008 R2, so that would not be an option on the mentioned Windows Server 2008 machine.
Trusted Platform Module is "a secure cryptographic integrated circuit (IC), provides a hardware-based approach to manage user authentication, network access, data protection and more that takes security to higher level than software-based security."
(http://www.trustedcomputinggroup.org/resources/how_to_use_the_tpm_a_guide_to_hardwarebased_endpoint_security/)
Pfff… I’m bothered that answer B speaks of the Standard edition, and not the Enterprise edition. Hope the VCE is wrong.