Identity with Windows Server 2016 — Question 146

You deploy a new certification authority (CA) to a server that runs Windows Server 2016.
You need to configure the CA to support recovery of certificates.
What should you do first?

Answer options

• A. Assign the Request Certificates permission to the user account that will be responsible for recovering certificates.
• B. Configure the Key Recovery Agent template as a certificate template to issue.
• C. Modify the Recovery Agents settings from the properties of the CA.
• D. Modify the extension of the OCSP Response Signing template.

Correct answer: B

Explanation

The correct answer is B because configuring the Key Recovery Agent template is essential for enabling the recovery of certificates. The other options focus on permissions and settings that do not directly establish the capability for certificate recovery.