DRAG DROP
You network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA).
A user named Admin1 is a member of the Domain Admins group.
You need to ensure that you can archive keys on the CA. The solution must use Admin1 as a key recovery agent.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
The answer to the question is completely CORRECT!
The user is already part of the Domain Admins group, so it is not necessary to change the security settings in the certificate template.
Please read carefully:
“A user named Admin1 is a member of the Domain Admins group. The solution must use Admin1 as a key recovery agent.”
If you look at Key Recovery Agent template you`ll see that Domain Admins have already rights to enroll, read and write so you don`t need to change security in this point: Certificate Templates console, modify the security of a certificate template.
So this should go:
1. From the certificate authority console, add a certificate template to issue
2. From the Certificate Console, request a certificate
3. From the certificate authority console, issue a pending request
4. From the Certification Authority console, add a Key Recovery Agent certificate.
Perfect!
Correct Order of Actions:
1) – From the Certificate Templates console, modify the security of a certificate template.
2) – From the Certification Authority console, add a certificate template to issue.
3) – From the Certificates console, request a certificate.
4) – From the Certification Authority console, add a Key Recovery Agent certificate.
Correct answer should be
Correct Answer:
1. From the certificate template console, modify the security of a certificate template
2. From the certificate authority console, add a certificate template to issue
3. From the Certificate Console, request a certificate
4. From the certificate authority console, issue a pending request
Explanation:
http://markgossa.blogspot.com/2017/03/enable-key-archival-in-server-2012-r2.html
Thanks for clearing this up much appreciated
Hopefully they will fix the answer.