Identity with Windows Server 2016 — Question 49

Your network contains an enterprise root certification authority (CA) named CA1.
Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates are based on a template named
Secure_Computer. The template uses schema version 2.
You need to ensure that new certificates based on Secure_Computer are valid for three years.
What should you do?

Answer options

• A. Modify the Validity period for the certificate template.
• B. Instruct users to request certificates by running the certreq.exe command.
• C. Instruct users to request certificates by using the Certificates console.
• D. Modify the Validity period for the root CA certificate.

Correct answer: A

Explanation

The correct answer is A because modifying the Validity period of the certificate template directly affects the duration of certificates issued based on it. The other options do not address the template's validity period and instead focus on the certificate request process or the root CA, which are not relevant to extending the certificate's lifespan from the template.