A.Archive the private key on the server.
B.Apply the Hisecdc security template to the domain controllers.
C.Configure the certificate for automatic enrollment for the computers that store encrypted files.
D.Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.
您可能感兴趣的试卷
你可能感兴趣的试题
A.Configure the Online Responder Role Service on a member server.
B.Configure the Online Responder Role Service on a domain controller.
C.Configure the Certification Authority Web Enrollment Role Service on a member server.
D.Configure the Certification Authority Web Enrollment Role Service on a domain controller.
A.Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
B.Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
C.Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
D.Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
A.On the new server, run dcpromo /adv.
B.On the new server, run dcpromo /createdcaccount.
C.On a domain controller run adprep /rodcprep.
D.On a domain controller, run adprep /forestprep.
Your company has an Active Directory domain named contoso.com. The company network has two DNS servers named DNS1 and DNS2.
The DNS servers are configured as shown in the following table.
Domain users, who are configured to use DNS2 as the preferred DNS server, are unable to connect to Internet Web sites.
You need to enable Internet name resolution for all client computers.
What should you do()
A.Create a copy of the .(root) zone on DNS1.
B.Update the list of root hints servers on DNS2.
C.Update the Cache.dns file on DNS2 Configure conditional forwarding on DNS1.
D.Delete the .(root) zone from DNS2. Configure conditional forwarding on DNS2.
A.Register Schmmgml.dll.
B.Log off and log on again by using an account that is a member of the Schema Administrators group.
C.Use the Ntdsutil.exe command to connect to the Schema Master operations master and open the schema for writing.
D.Add the Active Directory Lightweight Directory Services (AD LDS) role to the domain controller by using Server Manager.
A.Decrease the replication interval for all Connection objects.
B.Decrease the replication interval for the DEFAULTIPSITELINK site link.
C.Set up a one-way shortcut trust from eng.na.contoso.com to labs.eu.contoso.com.
D.Set up a one-way shortcut trust from labs.eu.contoso.com to eng.na.contoso.com.
Certkiller.com runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at Certkiller .com makes it necessary to examine revoked certificate information.
You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that()
A.Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain.
B.Configure and use a GPO to publish a list of trusted certificate authorities to the domain
C.Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array.
D.Use network load balancing and publish an OCSP responder.
E.None of the above
As an administrator at Certkiller.com, you have installed an Active Directory forest that has a single domain. You have installed an Active Directory Federation services (AD FS) on the domain member server.
What should you do to configure AD FS to make sure that AD FS token contains information from the active directory domain()
A.Add a new account store and configure it.
B.Add a new resource partner and configure it
C.Add a new resource store and configure it
D.Add a new administrator account on AD FS and configure it
E.None of the above
Certkiller has an Active Directory forest with six domains. The company has 5 sites. The company requires a new distributed application that uses a custom application directory partition named ResData for data replication.
The application is installed on one member server in five sites.
You need to configure the five member servers to receive the ResData application directory partition for data replication. What should you do()
A.Run the Dcpromo utility on the five member servers.
B.Run the Regsvr32 command on the five member servers
C.Run the Webadmin command on the five member servers
D.Run the RacAgent utility on the five member servers
Certkiller.com has an active directory forest on a single domain.
Certkiller needs a distributed application that employs a custom application. The application is directory partition software named PARDAT. You need to implement this application for data replication.
Which two tools should you use to achieve this task()
A.Dnscmd.
B.Ntdsutil.
C.Ipconfig
D.Dnsutil
E.All of the above
最新试题
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.You add a logoff script to an existing Group Policy object (GPO). You need to verify that each domain controller successfully replicates the updated group policy. Which two objects should you verify on each domain controller()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters. you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers.The servers are configure as shown in the following table. Server name Server roel Service Server1 Certification authority (CA) Server2 Certificate Enrollment Web Service Server3 Certificate Enrollment Policy Web Service You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. Which two actions should you perform()