Identity with Windows Server 2016 — Question 168

You have a certification authority (CA) named CA1. You create a certificate template named Template1 that has the following configurations:
✑ Minimum key size: 2048
✑ Cryptographic provider: Microsoft Strong Cryptographic Provider
✑ Compatibility Settings - Certification Authority: Windows Server 2012 R2
✑ Compatibility Settings - Certificate recipient: Windows 8.1 / Windows Server 2012 R2
You plan to configure Template1 to require that computers requesting certificates based on Template1 must have a TPM-protected private key.
You need to modify Template1 to ensure that you can configure the Key Attestation settings.
What should you change?

Answer options

• A. Compatibility Settings ג€" Certification Authority to Windows Server 2016
• B. Compatibility Settings ג€" Certificate recipient to Windows 10 / Windows Server 2016
• C. Cryptographic provider to Microsoft Platform Crypto Provider
• D. Minimum key size to 4096

Correct answer: C

Explanation

The correct answer is C because changing the cryptographic provider to Microsoft Platform Crypto Provider is necessary to enable Key Attestation settings for TPM-protected keys. The other options do not address the requirement for TPM integration; changing compatibility settings or increasing the key size does not enable the necessary features for Key Attestation.