You administer an Active Directory Domain Services environment. There are no certification authorities (CAs) in the envi
Posted: Wed Aug 17, 2022 7:03 am
You administer an Active Directory Domain Services environment. There are no certification authorities (CAs) in the environment.You plan to implement a two-tier CA hierarchy with an offline root CA.You need to ensure that the issuing CA is not used to create additional subordinate CAs.What should you do?
A. In the CAPolicy.inf file for the issuing CA, enter the following constraint: PathLength=1
B. In the CAPolicy.inf file for the root CA, enter the following constraint: PathLength=1
C. In the CAPolicy.inf file for the root CA, enter the following constraint: PathLength=2
D. In the CAPolicy.inf file for the issuing CA, enter the following constraint: PathLength=2
A. In the CAPolicy.inf file for the issuing CA, enter the following constraint: PathLength=1
B. In the CAPolicy.inf file for the root CA, enter the following constraint: PathLength=1
C. In the CAPolicy.inf file for the root CA, enter the following constraint: PathLength=2
D. In the CAPolicy.inf file for the issuing CA, enter the following constraint: PathLength=2