A question about one of the questions in your practice exam

vitaloverdose Member Posts: 12
Hi, I found a question in your practice exam that doesn't seem to match up with a similar question on a practice exam from Microsoft Press. Most likely I'm just not understanding the differences between the two questions.

From your practice exam for 70-270:

1. You are the desktop administrator for your company. All client desktop computers run Windows XP Professional and are members of a Windows 2000 domain. You have lost your file encryption certificate and you cannot access your encrypted files. What are possible ways to decrypt the files?

Answer:
c. Log on as the domain administrator and decrypt the files.

The administrator of the local computer is the default recovery agent unless you are in a domain environment. In a domain environment, the domain administrator is the default recovery agent.

From Microsoft Press:

You are configuring a user's computer to support EFS. The user telecommutes, so the computer is not a member of an Active Directory domain. The computer is running XP Professional.

You want to make the local administrator account a Data Recovery Agent to ensure that files can be recovered even if the user deletes his EFS certificate or in the event that the user leaves the company.

You have logged on as administrator. What steps must you take?

So based on the answer to the question from your exam I chose:

- Do nothing; the local administrator is configured as the Data Recovery Agent on a standalone computer by default.

But that was wrong. The explanation said:

Under Microsoft Windows 2000, the administrator account was considered a recovery agent by default on a standalone computer. This is not the case with Windows XP Professional.

MS Press said the correct answer was:

Use the cipher command to create a .pfx and .cer file
Use Local Security Policy to add a Data Recovery Agent to the Encrypting File System policy

Explanation:
Before you can define a Data Recovery Agent on a standalone computer, you need to generate a .pfx and .cer file for the user. On a standalone computer you must perform this action using the cipher command. On a standalone computer, recovery agents are defined through Local Security Policy. You add a Data Recovery Agent in the Security Settings, Public Key Policies, Encrypting File System node.

So I'm confused as to which one is correct, or maybe they are both correct and I haven't understood the differences in the circumstances between the two questions.


  • Devilsbane Member Posts: 4,212
    Which book are you referring to?

    According to Data Recovery and Encrypting File System (EFS) ...
    By default, the data recovery agent is defined to be the administrator account. On stand-alone workstations and workgroup machines, the administrator account is the local administrator; on domain-joined machines, the administrator account is the first domain controller’s administrator account.

    I know that with later versions of Windows (aka Windows 7) there isn't a default DRA and you would need to go through extra steps to set one.
    Decide what to be and go be it.
  • vitaloverdose Member Posts: 12
    Thanks Devilsbane, the question is from the practice exam on the Readiness Review Suite by MeasureUp disk that came with the Dave Field book "70-270 Installing, Configuring, and Administering Microsoft XP Professional, Second Edition". Apparently it's "Approved Microsoft IT Academy text".

    The question set in that practice exam seems a lot harder than any other I've come across, so I've been concentrating on practicing with them for the last couple of weeks. But I've been finding one or two that don't seem to match up with other stuff I've read.
  • Devilsbane Member Posts: 4,212
  • vitaloverdose Member Posts: 12
    Thanks Devilsbane, I'm sure that will come in handy.