You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates.
Users are required to log on to the domain by using a smart card.
Your companys corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked.
An employee resigns.
You need to immediately prevent the employee from logging on to the domain. What should you do()
A.Revoke the employees smart card certificate.
B.Disable the employees Active Directory account.
C.Publish a new delta certificate revocation list (CRL).
D.Reset the password for the employees Active Directory account.
您可能感兴趣的试卷
你可能感兴趣的试题
A.Run syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exams. 4 / 90
B.Run sigverif.exe and use the Advanced option.
C.Run certutil.exe and specify the -verify parameter.
D.Run certreq.exe and specify the -retrieve parameter.
You have a server named Server1 that has the following Active Directory Certificate Services (AD CS)
role services installed:
( Enterprise root certification authority (CA)
.Certificate Enrollment Web Service
.Certificate Enrollment Policy Web Service
You create a new certificate template.
External users report that the new template is unavailable when they request a new certificate. You verify that all other templates are available to the external users.
You need to ensure that the external users can request certificates by using the new template. What should you do on Server1()
A.Run iisreset.exe /restart.
B.Run gpupdate.exe /force.
C.Run certutil.exe dspublish.
D.Restart the Active Directory Certificate Services service.
our network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow sers from
The safer , easier way to help you pass any IT exams. 3 / 90
both forests to automatically enroll user certificates.
You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com
certification authority (CA).
What should you configure in the adatum.com domain()
A.From the Default Domain Controllers Policy, modify the Enterprise Trust settings.
B.From the Default Domain Controllers Policy, modify the Trusted Publishers settings.
C.From the Default Domain Policy, modify the Certificate Enrollment policy.
D.From the Default Domain Policy, modify the Trusted Root Certification Authority settings.
Your network contains an Active Directory domain.
You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).
You have a client computer named Computer1 that runs Windows 7.
You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates. Which command should you run on Computer1()
A.certreq.exe retrieve
B.certreq.exe submit
C.certutil.exe getkey
D.certutil.exe pulse
Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table.
You need to ensure that all device certificate requests use the MD5 hash algorithm. What should you do()
A.On Server2, run the Certutil tool.
B.On Server1, update the CEP Encryption certificate template.
C.On Server1, update the Exchange Enrollment Agent (Offline Request) template.
D.On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\ HashAlgorithm\HashAlgorithm registry key.
Certkiller .com has a server that runs on Windows Server 2008. The server also has an instance of Active Directory Lightweight Directory Services (AD LDS) running.
In order to test AD LDS, you need to replicate the AD LDS instance on a test computer located on the network.
What should you do to achieve this objective()
A.Execute AD LDS Setup wizard on the test computer to create and install a replica of AD LDS.
B.Execute repadmin/bs
C.Install and configure a new AD LDS instance on the test computer by copy and pasting the entire partition on the test computer
D.Execute the Dsmgmt command on the test computer and create a naming context
Certkiller .com has a main office and branch office in another city. You are assigned to deploy and implement a Read-only Domain Controller (RODC) at the branch office. You deploy a RODC that runs Windows Server 2008.
What should you do to ensure that the users at the branch office can log on to the domain using RODC()
A.Use Password Replication Policy on the RODC
B.Add RODC to the main office
C.Deploy and configure a new bridgehead server in the branch office
D.Deploy and configure a Password Replication Policy on the RODC in the main office
A.Open the Microsoft Management Console (MMC) and stop the Domain Controller service. After that,run the defrag tool
B.Start the domain controller in the Directory Service restore mode and run the Ntdsutil tool
C.Start the domain controller and then use the Defrag tool to start defragmentation
D.Open the MMC and stop the Domain Controller service. After that, run the Ntdsutil tool.
E.All of the above
Certkiller .com has a domain controller that runs Windows Server 2008. The Certkiller .com network boosts 40 Windows Vista client machines. As an administrator at Certkiller .com, you want to deploy Active Directory Certificate service (AD CS) to authorize the network users by issuing digital certificates.
What should you do to manage certificate settings on all machines in a domain from one main location()
A.Configure Enterprise CA certificate settings
B.Configure Enterprise trust certificate settings
C.Configure Advance CA certificate settings
D.Configure Group Policy certificate settings
E.All of the above
A.RID master
B.PDC emulator
C.Schema master
D.Infrastructure master
E.Domain naming master
最新试题
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller()
You remotely monitor several domain controllers. You run winrm.exe quickconfig on each domain controller. You need to create a WMI script query to retrieve information from the bios of each domain controller. Which format should you use to write the query()
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory. What should you do()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()
What should you do()
Your company has four offices. The network contains a single Active Directory domain. Each office has domain controller. Each office has an organitational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the password for the user accounts in their respective office only. The solution must prevent the thechnicians from creating user accounts. What shoul you do()