Home » Microsoft » 70-640 » What should you do next?
Your network contains a single Active Directory domain.
The domain contains an enterprise certification authority (CA).
You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database.
You modify the e-mail certificate template to support key archival.
What should you do next?
A. Issue the key recovery agent certificate template.
B. Run certutil.exe -recoverkey.
C. Run certreq.exe-policy.
D. Modify the location of the Authority Information Access (AIA) distribution point.
Correct Answer: A
Explanation/Reference:
Reference:
http://technet.microsoft.com/en-us/library/cc770588.aspx
Identify a Key Recovery Agent
A key recovery agent is a person who is authorized to recover a certificate on behalf of an end user. Because the role of key recovery agents can involve sensitive data, only highly trusted individuals should be assigned to this role.
To identify a key recovery agent, you must configure the Key Recovery Agent certificate template to allow the person assigned to this role to enroll for a key recovery agent certificate.
