Identity with Windows Server 2016 — Question 101

You have a standalone root certification authority (CA).
You have a new security policy requirements specifying that any changes to the CA configuration must be logged.
You need to ensure that the CA meets the new security requirement.
Which two actions should you perform? Each correct answer presents part of the solution.

Answer options

• A. From the Certification Authority console, modify the Auditing settings for the CA.
• B. From the Certification Authority console, modify the Security settings for the CA.
• C. From Local Group Policy Editor, configure auditing for policy change.
• D. From the Certification Authority console, modify the Certificate Managers settings for the CA.
• E. From Local Group Policy Editor, configure auditing for object access.

Correct answer: C, E

Explanation

The correct answers are C and E because configuring auditing for policy changes and object access ensures that all changes to the CA configuration are logged, meeting the security policy requirements. Options A, B, and D do not specifically address the logging of configuration changes as required by the new security policy.