exam questions

Exam 70-742 All Questions

View all questions & answers for the 70-742 exam

Exam 70-742 topic 1 question 204 discussion

Actual exam question from Microsoft's 70-742
Question #: 204
Topic #: 1
[All 70-742 Questions]

You have an enterprise certification authority (CA).
You create a global security group named Group1.
You need to provide members of Group1 with the ability to issue and manage certificates.
The solution must prevent the Group1 members from managing certificates requested by members of the Domain Admins group.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From the CA properties, modify the Policy Module settings.
  • B. From the Certificate Templates console, modify the Security settings of the Administrator certificate template.
  • C. From the CA properties, modify the Security settings.
  • D. From the CA properties, modify the Enrollment Agents settings.
  • E. From the CA properties, modify the Certificate Managers settings.
  • F. From the Certificate Templates console, modify the Security settings of the User certificate template.
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Person
Highly Voted 5 years ago
I'm going with CE... I see this in other forum: First, we need to give Group1 permissions to “Issue and Manage Certificates” which is an option in the security tab of the CA’s properties. Thus, answer C. Next, we need to restrict this group to Deny them access to the Administrator’s certificates. For that, we go to the Certificate Managers tab, click on “Restrict Certificate Managers”. At this point, Group1 should be listed. Click on it, then under Permissions, Add the Domain Admins group and click on Deny. Group1 can now no longer Manage and Issue for the Domain Admins group. Thus, answer E. See: https://social.technet.microsoft.com/wiki/contents/articles/10942.ad-cs-security-guidance.aspx
upvoted 15 times
lbs
4 years, 8 months ago
I agree. Thanks for nailing this.
upvoted 3 times
...
...
coleman
Highly Voted 5 years ago
the answer is correct. C. From the CA properties, modify the security settings. E. From the CA properties, modify the Certificate Managers Settings. https://technet.microsoft.com/en-us/library/cc753372.aspx
upvoted 8 times
...
lofzee
Most Recent 3 years, 11 months ago
definitely C + E tested in lab. You edit the security settings of the CA, then you go to cert managers tab and edit the permissions in there.
upvoted 2 times
josevirtual
3 years, 11 months ago
I have just do it as well CE
upvoted 1 times
...
...
yesboet
4 years, 1 month ago
C AND E
upvoted 1 times
...
Nickalot
4 years, 3 months ago
CA Policy Module tab only allows you to choose request handling by clicking Properties or Change the active policy module by clicking select. The Properties button has two options 1) Set the certificate request status to pending. The administrator must explicitly issue the certificate. 2)Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate. (default setting) This does not allow you to choose WHICH certs are only handled by admins, but simply states that all requests must be approved by an admin. Nowhere in the given information does it say that a special certificate template was created with different permissions set up. Therefore, A cannot be correct.
upvoted 1 times
...
Kamikazekiller
4 years, 5 months ago
C. From the CA properties, modify the security settings. E. From the CA properties, modify the Certificate Managers Settings.
upvoted 2 times
...
Nhan
4 years, 10 months ago
yes, the given answer is correct
upvoted 3 times
...
krj
4 years, 10 months ago
CE is correct. Just checked that in the lab.
upvoted 3 times
...
Adeban
4 years, 12 months ago
i'm going with AE
upvoted 2 times
...
Husny
5 years, 1 month ago
right answer would be A and E First we need to assign Group1 the Issue and Manage Certificates permission. Second we can restrict certificate managers to certain templates or groups. Restrict Certificate Managers A certificate manager can approve certificate enrollment and revocation requests, issue certificates, and manage certificates. This role can be configured by assigning a user or group the Issue and Manage Certificatespermission. When you assign this permission to a user or group, you can further refine their ability to manage certificates by group and by certificate template. For example, you might want to implement a restriction that they can only approve requests or revoke smart card logon certificates for users in a certain office or organizational unit that is the basis for a security group. This restriction is based on a subset of the certificate templates enabled for the certification authority (CA) and the user groups that have Enroll permissions for that certificate template from that CA
upvoted 3 times
...
TMW
5 years, 3 months ago
The correct answers are A and C.
upvoted 2 times
Gary
5 years, 2 months ago
Why a?
upvoted 2 times
...
...
Paz
5 years, 3 months ago
C & E are Correct https://www.ntweekly.com/2018/01/08/assign-permissions-manage-certificate-authority-windows-server-2016/
upvoted 4 times
GenjamBhai
4 years, 4 months ago
Allow perms to group/user to manage certs or CA CA > Properties > Security Tab > allow permissions to Read / Request Certs / Issue and Manage Certs / Manage CA to Group Specify which group can access which certs (or all certs) CA > Properties > Cert Manager Tab > Restrict Cert Manager > Select Group + All or specify Cert Templates (that user/group manages)
upvoted 2 times
...
...
[Removed]
5 years, 6 months ago
Agree CE
upvoted 3 times
...
Hayemaker
5 years, 11 months ago
CE is the answer.
upvoted 6 times
GenjamBhai
4 years, 4 months ago
CE is ok https://technet.microsoft.com/en-us/library/cc753372.aspx
upvoted 3 times
GenjamBhai
4 years, 4 months ago
Allow perms to group/user to manage certs or CA CA > Properties > Security Tab > allow permissions to Read / Request Certs / Issue and Manage Certs / Manage CA to Group Specify which group can access which certs (or all certs) CA > Properties > Cert Manager Tab > Restrict Cert Manager > Select Group + All or specify Cert Templates (that user/group manages)
upvoted 5 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago