Identity with Windows Server 2016 — Question 186

You have an offline root certification authority (CA) named CA1. CA1 is hosted on a virtual machine.
You only turn on CA1 when the CA must be patched or you must generate a key for subordinate CAs.
You start CA1, and you discover that the filesystem is corrupted.
You resolve the filesystem corruption and discover that you must reload the CA root from a backup.
When you attempt to run the Restore-CARoleService cmdlet, you receive the following error message: `The process cannot access the file because it is being used by another process.`
You need to ensure that you can restore the CA.
What should you do first?

Answer options

• A. Stop the Active Directory Certificate Services (AD CS) service.
• B. Run the Restore-CARoleService cmdlet and specify the ג€"Force parameter.
• C. Stop the Active Directory Domain Services (AD DS) service.
• D. Run the Restore-CARoleService cmdlet and specify the path to a valid CA key.

Correct answer: A

Explanation

The correct answer is A because stopping the Active Directory Certificate Services (AD CS) service will release any locks on the files that are preventing the restore operation. Options B, C, and D do not address the issue of the file being in use, and thus will not resolve the problem effectively.