A.Configure auditing in the Certification Services snap-in.
B.Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32% \CertSrv directory.
C.Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D.Enable the Audit object access setting in the Local Security Policy for the Certification Services server.
您可能感兴趣的试卷
你可能感兴趣的试题
A.Archive the private key on the server.
B.Apply the Hisecdc security template to the domain controllers.
C.Configure the certificate for automatic enrollment for the computers that store encrypted files.
D.Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.
A.Configure the Online Responder Role Service on a member server.
B.Configure the Online Responder Role Service on a domain controller.
C.Configure the Certification Authority Web Enrollment Role Service on a member server.
D.Configure the Certification Authority Web Enrollment Role Service on a domain controller.
A.Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
B.Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
C.Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
D.Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
A.On the new server, run dcpromo /adv.
B.On the new server, run dcpromo /createdcaccount.
C.On a domain controller run adprep /rodcprep.
D.On a domain controller, run adprep /forestprep.
Your company has an Active Directory domain named contoso.com. The company network has two DNS servers named DNS1 and DNS2.
The DNS servers are configured as shown in the following table.
Domain users, who are configured to use DNS2 as the preferred DNS server, are unable to connect to Internet Web sites.
You need to enable Internet name resolution for all client computers.
What should you do()
A.Create a copy of the .(root) zone on DNS1.
B.Update the list of root hints servers on DNS2.
C.Update the Cache.dns file on DNS2 Configure conditional forwarding on DNS1.
D.Delete the .(root) zone from DNS2. Configure conditional forwarding on DNS2.
A.Register Schmmgml.dll.
B.Log off and log on again by using an account that is a member of the Schema Administrators group.
C.Use the Ntdsutil.exe command to connect to the Schema Master operations master and open the schema for writing.
D.Add the Active Directory Lightweight Directory Services (AD LDS) role to the domain controller by using Server Manager.
A.Decrease the replication interval for all Connection objects.
B.Decrease the replication interval for the DEFAULTIPSITELINK site link.
C.Set up a one-way shortcut trust from eng.na.contoso.com to labs.eu.contoso.com.
D.Set up a one-way shortcut trust from labs.eu.contoso.com to eng.na.contoso.com.
Certkiller.com runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at Certkiller .com makes it necessary to examine revoked certificate information.
You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that()
A.Add and configure a new GPO (Group Policy Object) that enables users to accept peer certificates and link the GPO to the domain.
B.Configure and use a GPO to publish a list of trusted certificate authorities to the domain
C.Configure and publish an OCSP (Online certificate status protocol) responder through ISAS (Internet Security and Acceleration Server) array.
D.Use network load balancing and publish an OCSP responder.
E.None of the above
As an administrator at Certkiller.com, you have installed an Active Directory forest that has a single domain. You have installed an Active Directory Federation services (AD FS) on the domain member server.
What should you do to configure AD FS to make sure that AD FS token contains information from the active directory domain()
A.Add a new account store and configure it.
B.Add a new resource partner and configure it
C.Add a new resource store and configure it
D.Add a new administrator account on AD FS and configure it
E.None of the above
Certkiller has an Active Directory forest with six domains. The company has 5 sites. The company requires a new distributed application that uses a custom application directory partition named ResData for data replication.
The application is installed on one member server in five sites.
You need to configure the five member servers to receive the ResData application directory partition for data replication. What should you do()
A.Run the Dcpromo utility on the five member servers.
B.Run the Regsvr32 command on the five member servers
C.Run the Webadmin command on the five member servers
D.Run the RacAgent utility on the five member servers
最新试题
You need to compact an Active Directory database on a domain controller that runs windows Server 2008 R2. What should you do()
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters. you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first()
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.You add a logoff script to an existing Group Policy object (GPO). You need to verify that each domain controller successfully replicates the updated group policy. Which two objects should you verify on each domain controller()
Your company has four offices. The network contains a single Active Directory domain. Each office has domain controller. Each office has an organitational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the password for the user accounts in their respective office only. The solution must prevent the thechnicians from creating user accounts. What shoul you do()
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do()
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()
Your network contain 10 domain controller that run Windows Server R2. The network contain a member server that is configured to collect all of events that occur on the domain controllers. Your need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achive the goal by using the minimum amount effort. What should you do()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()