Identity with Windows Server 2016 — Question 179

You network contains an Active Directory domain named contoso.com. The domain contains an enterprise certification authority (CA) named CA1.
You have a test environment that is isolated physically from the corporate network and the Internet.
You deploy a web server to the test environment. On CA1, you duplicate the Web Server template, and you name the template Web_Cert_Test.
For the web server, you need to request a certificate that does not contain the revocation information of CA1.
What should you do first?

Answer options

• A. From the properties of CA1, allow certificates to be published to the file system.
• B. From the properties of CA1, select Restrict enrollment agents, and then add Web_Cert_Test to the restricted enrollment agent.
• C. From the properties of Web_Cert_Test, assign the Enroll permission to the guest account.
• D. From the properties of Web_Cert_Test, set the Compatibility setting of CA1 to Windows Server 2016.

Correct answer: D

Explanation

The correct answer is D because setting the Compatibility of CA1 to Windows Server 2016 allows the Web_Cert_Test template to be compatible with the requirements of the certificate request. Options A, B, and C do not address the compatibility setting needed for the certificate to be issued without revocation information.