Identity with Windows Server 2016 — Question 171

Your network contains an Active Directory domain named contoso.com. The domain contains a certification authority (CA).
The CA certificate was valid for five years and is about to expire.
You need to ensure that when you renew the CA certificate, the maximum Validity period for the certificate is 10 years.
What should you do before you renew the certificate?

Answer options

• A. From Microsoft XML Notepad, create a file named CAPolicy.xml. Store CAPolicy.xml in the C:\Window\System32\ADCS folder.
• B. From Windows System Image Manager, create a file named Unattend.xml. Store Unattend.xml in the C:\Windows\System32\Config folder.
• C. From Windows Imaging and Configuration Designer, create a file named Unattend.ini. Store Unattend.ini in the C:\Windows\Panther folder.
• D. From Microsoft Notepad, create a file named CAPolicy.inf. Store CAPolicy.inf in the C:\Windows folder.

Correct answer: D

Explanation

The correct answer is D because creating a CAPolicy.inf file allows you to specify the new validity period for the CA certificate during the renewal process. Options A, B, and C are incorrect because they pertain to different file types and purposes that do not affect the CA certificate renewal settings.