1. Which of the following is considered a best practice in the handling of EFS certificates?
   1. Users should export their public keys and store them in a safe place.
   2. Recovery agents should export their private keys and store them in a safe place.
   3. Users should export their symmetric keys and store them in a safe place.
   4. EFS key pairs should always be encrypted.
2. You are a network administrator of a Windows Server 2016 domain tasked with implementing the auto-enrollment of user certificates, which will be used to digitally sign emails. You perform the following procedures:

1. Install an enterprise root CA.
2. Choose a certificate template that allows users to digitally sign emails.
3. Duplicate the certificate template.
4. Assign permissions of Read, Enroll, and Autoenroll to the global security group that contains the users who need to be able to digitally sign emails.
5. Edit the Default Domain Policy and enable the Certificate Services Client Auto-Enrollment policy in User Configuration/Policies/Windows Settings/Security Settings/Public Key Policies.
6. Run gpupdate /force on the domain controller.
7. Log on to a domain workstation with a test domain account that is a member of the global security group to which you assigned Read, Enroll, and Autoenroll permissions to the certificate template.
8. Create an mmc that contains the Certificates snap-in.
9. Right-click the CertificatesCurrent User node under the Console Root, click All Tasks, and click Automatically Enroll and Retrieve Certificates.

The certificate does not appear in the users Certificates console. The most likely reason for this is that ___________________.

2. 1. you did not issue the certificate template
   2. you did not assign the global security group the View permission to the certificate template
   3. only administrators can manually trigger the enrollment and installation of certificates
   4. you did not run gpupdate /force on the workstation
3. In Lab 4.4, Anthony Newman received a certificate based on the User template. Which of the following statements regarding these certificates is correct? (Choose all that apply.)
   1. Both certificates allow Anthony Newman to use the Encrypting File System.
   2. Once a User certificate is issued to a user, the best practice is to revoke the users EFS certificate.
   3. The User certificate contains three different private keys, one for each of the three purposes of the certificate.
   4. Both certificates were issued by ServerName.
4. In this lab, the auto-enrollment policy was configured so that all domain users could receive the certificate based on the User certificate template. (True or False)?
5. Anthony used the certificate he received in Lab 4.4 to place his digital signature on an email to a customer named Helene Grimaud. For Helene to be sure that the email came from Anthony, she must __________________.
   1. trust ServerName
   2. install Anthonys certificate
   3. compare the thumbprint on Anthonys certificate with the result of her own hashing of his certificate
   4. send Anthony her certificate