You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents.
You need to ensure that all of the recovery agent certificates can be used to recover all new private keys.
What should you do()
A.Add a data recovery agent to the Default Domain Policy.
B.Modify the value in the Number of recovery agents to use box.
C.Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.
D.Assign the Issue and Manage Certificates permission to users who have the key recovery agent certificates.