Identity with Windows Server 2016 — Question 180

Your network contains an Active Directory domain. The domain contains an Active Directory Rights Management Services (AD RMS) cluster and a certification authority (CA).
You need to ensure that all the documents that are protected by using AD RMS can be decrypted if the account used to encrypt the documents is deleted.
What should you do?

Answer options

• A. Configure super users in the AD RMS deployment.
• B. Manually configure the AD RMS cluster key password.
• C. Back up the AD RMS-protected files by using Windows Server Backup.
• D. Configure key archival on the CA.

Correct answer: A

Explanation

Configuring super users in the AD RMS deployment allows designated accounts to access protected content even if the original encrypting account is deleted. The other options do not provide a means to ensure decryption access after the account's deletion, as they either pertain to backup or management of keys without addressing access rights directly.