A.Remove the Request Certificates permission from the Domain Users group.
B.Remove the Request Certificated permission from the Authenticated Users group.
C.Assign the Allow - Manage CA permission toonly the Security Manager user Account.
D.Assign the Allow - Issue and Manage Certificates permission to only the Security Manger user account
您可能感兴趣的试卷
你可能感兴趣的试题
A.Run auditpol.exe.
B.Modify the auditing entry for OUI.
C.Modify the auditing entry for the domain.
D.Create a new Group PolicyObject (GPO). Enable Audit account management policy setting. Link the GPO to OUI.
A.Dsmod
B.Netdom
C.Redirusr
D.Active Directory Domains and Trusts
A.Install and configure an Online Responder.
B.Install and configure an addtional domain controller.
C.Import the Root CA certificate into the Trusted Root Certification Authorities on all client workstations.
D.Import the Issuing CA certificate into the Trusted Root Certification Authorities on all client workstations.
A.Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
B.Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
C.Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group object.
D.Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
A.Run the netsh interface reset command.
B.Run the ipconfig /flushdns command.
C.Run the dnscmd /EnlistDirectoryPartition command.
D.Run the sc stop netlogon command followed by the sc start netlogon command.
A.On the member server, create a stub zone.
B.On the memeber server, create a NS record for each domain controller.
C.On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate to all DNS servers in the forest.
D.On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate to all DNS servers in the domain.
A.Set the Minimun password age setting to one day.
B.Set the Maximum password age setting to one day.
C.Set the Account lockout duration setting to 5 minutes.
D.Set the Reset account lockout counter after setting to 5 minutes.
E.Set the Account lockout threshold setting to 3 invalid logon attempts.
F.Set the Enforce password history setting to 3 passswords remembered.
A.Use the Group Policy Management Console (GPMC) utility to back up the GPO to a file. In each site, import the GPO to the default domain policy.
B.Copy the ADMX files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulator
C.Copy the ADML files from your company’s PDC emulator to the PolicyDefinitions folder on the partner company’s PDC emulator
D.Download the conf.adm, system.adm, wuau.adm, and inetres.adm files from the Microsoft Updates Web site. Copy the ADM files to the PolicyDefinitions folder on thr partner company’s emulator.
A.Change the functional level of the forest to WIndows Server 2008.
B.Log on by using an account that has Server Operator rights.
C.Log on by using an account that has Schema Administrator rights and the appropriate rights to install the application.
D.Log on by using an account that has the Enterprise Administrator rights and the appropriate rights to install the application.
A.Modify the userAccountControl attribute to disabled. Run the csvde i k f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.
B.Modify the userAccountControl attribute to accounts disabled. Run the csvde f import.csv command. Run the DSMOD utility to set default passwords for the user accounts.
C.Modify the userAccountControl attribute to disabled. Run the wscript import.csv command. Run the DSADD utility to set default passwords for the imported user accounts.
D.Modify the userAccountControl attribute to disabled. Run ldifde i f import.csv command. Run the DSADD utility to set passwords for the imported user accounts.
最新试题
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()
Your company has four offices. The network contains a single Active Directory domain. Each office has domain controller. Each office has an organitational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the password for the user accounts in their respective office only. The solution must prevent the thechnicians from creating user accounts. What shoul you do()
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do()
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()