our network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow sers from
The safer , easier way to help you pass any IT exams. 3 / 90
both forests to automatically enroll user certificates.
You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com
certification authority (CA).
What should you configure in the adatum.com domain()
A.From the Default Domain Controllers Policy, modify the Enterprise Trust settings.
B.From the Default Domain Controllers Policy, modify the Trusted Publishers settings.
C.From the Default Domain Policy, modify the Certificate Enrollment policy.
D.From the Default Domain Policy, modify the Trusted Root Certification Authority settings.
您可能感兴趣的试卷
你可能感兴趣的试题
Your network contains an Active Directory domain.
You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).
You have a client computer named Computer1 that runs Windows 7.
You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates. Which command should you run on Computer1()
A.certreq.exe retrieve
B.certreq.exe submit
C.certutil.exe getkey
D.certutil.exe pulse
Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table.
You need to ensure that all device certificate requests use the MD5 hash algorithm. What should you do()
A.On Server2, run the Certutil tool.
B.On Server1, update the CEP Encryption certificate template.
C.On Server1, update the Exchange Enrollment Agent (Offline Request) template.
D.On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\ HashAlgorithm\HashAlgorithm registry key.
Certkiller .com has a server that runs on Windows Server 2008. The server also has an instance of Active Directory Lightweight Directory Services (AD LDS) running.
In order to test AD LDS, you need to replicate the AD LDS instance on a test computer located on the network.
What should you do to achieve this objective()
A.Execute AD LDS Setup wizard on the test computer to create and install a replica of AD LDS.
B.Execute repadmin/bs
C.Install and configure a new AD LDS instance on the test computer by copy and pasting the entire partition on the test computer
D.Execute the Dsmgmt command on the test computer and create a naming context
Certkiller .com has a main office and branch office in another city. You are assigned to deploy and implement a Read-only Domain Controller (RODC) at the branch office. You deploy a RODC that runs Windows Server 2008.
What should you do to ensure that the users at the branch office can log on to the domain using RODC()
A.Use Password Replication Policy on the RODC
B.Add RODC to the main office
C.Deploy and configure a new bridgehead server in the branch office
D.Deploy and configure a Password Replication Policy on the RODC in the main office
A.Open the Microsoft Management Console (MMC) and stop the Domain Controller service. After that,run the defrag tool
B.Start the domain controller in the Directory Service restore mode and run the Ntdsutil tool
C.Start the domain controller and then use the Defrag tool to start defragmentation
D.Open the MMC and stop the Domain Controller service. After that, run the Ntdsutil tool.
E.All of the above
Certkiller .com has a domain controller that runs Windows Server 2008. The Certkiller .com network boosts 40 Windows Vista client machines. As an administrator at Certkiller .com, you want to deploy Active Directory Certificate service (AD CS) to authorize the network users by issuing digital certificates.
What should you do to manage certificate settings on all machines in a domain from one main location()
A.Configure Enterprise CA certificate settings
B.Configure Enterprise trust certificate settings
C.Configure Advance CA certificate settings
D.Configure Group Policy certificate settings
E.All of the above
A.RID master
B.PDC emulator
C.Schema master
D.Infrastructure master
E.Domain naming master
A.RID master
B.PDC emulator
C.Schema master
D.Infrastructure master
E.Domain naming master
A.在服务器上,存档的私钥
B.配置Hisecdc安全模板
C.撤销企业从属CA和问题用户证书加密文件的用户
D.配置存储加密文件的计算机自动enrollement
A.更改本地计算机策略的企业根CA仅允许管理员管理受信任的发布。
B.发布的代码签名模板
C.更改模板的安全设置,只允许管理员请求代码签名证书
D.管理员之间分发代码签名模板,并要求他们将其添加到信任同行证书。
最新试题
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory. What should you do()
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
Your network contains an Active Directory domain controller named DC1. DDC1 runs Windows Server 2008 R2. You need to defragment the Active Directory database on DC1. The solution must minimize downtime on DC1. What should you do first()
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do()
What should you do()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()