You have a certification authority (CA) named CA1.
You create a certificate template named Template1 that has the following configurations:
– Minimum key size: 2048
– Cryptographic provider Microsoft Strong Cryptographic Provider
– Compatibility Settings – Certification Authority: Windows Server 2012 R2
– Compatibility Settings – Certificate recipient: Windows 8.1 / Windows Server 2012 R2
You plan to configure Template1 to require that computers requesting certificates based on Template1 must have a TPM-protected private key.
You need to modify Template1 to ensure that you can configure the Key Attestation settings.
What should you change?
A . Compatibility Settings – Certification Authority to Windows Server 2016
B . Compatibility Settings – Certificate recipient to Windows 10 / Windows Server 2016
C . Cryptographic provider to Microsoft Platform Crypto Provider
D . Minimum key size to 4096
Answer: C
Explanation:
References: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/tpmkey-attestation