nerdexam
Microsoft

70-642 · Question #157

70-642 Question #157: Real Exam Question with Answer & Explanation

The correct answer is C. On Server1, run certutil.exe -setreg policy\editflags +editf_attributeenddate.. Configure template validity period override Use the following procedure to allow the CA to issue the new health certificate template. This procedure applies to an enterprise NAP CA only. To allow template validity period override On the NAP CA, click Start, click Run, right-click

Question

Your network contains an Active Directory domain. The domain contains an enterprise certification authority (CA) named Server1 and a server named Server2. On Server2, you deploy Network Policy Server (NPS) and you configure a Network Access Protection (NAP) enforcement policy for IPSec. From the Health Registration Authority snap-in on Server2, you set the lifetime of health certificates to four hours. You discover that the validity period of the health certificates issued to client computers is one year. You need to ensure that the health certificates are only valid for four hours. What should you do?

Options

  • AModify the Request Handling settings of the certificate template used for the health
  • BModify the Issuance Requirements settings of the certificate template used for the health
  • COn Server1, run certutil.exe -setreg policy\editflags +editf_attributeenddate.
  • DOn Server1, run certutil.exe Csetregdbflags +dbflags_enablevolatilerequests.

Explanation

Configure template validity period override Use the following procedure to allow the CA to issue the new health certificate template. This procedure applies to an enterprise NAP CA only. To allow template validity period override On the NAP CA, click Start, click Run, right-click Command Prompt, and then click Run as In the command window, type Certutil.exe -setreg policy\EditFlags +EDITF_ATTRIBUTEENDDATE, and then press ENTER. In the command window, type net stop certsvc && net start certsvc, and then press ENTER. Verify that Active Directory Certificate Services (AD CS) stops and starts successfully.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 70-642 Practice