Your network contains a server that runs Windows Server 2008 R2. The server is configured as an
enterprise root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a
many-to-one mapping.
You revoke a certificate issued to an external partner.
You need to prevent the external partner from accessing the Web site. What should you do()
A.Run certutil.exe -crl.
B.Run certutil.exe -delkey.
C.From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.
D.From Active Directory Users and Computers, modify the Contact object for the external partner.
您可能感兴趣的试卷
你可能感兴趣的试题
You add an Online Responder to an Online Responder Array.
You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array.
What should you do()
A.From Network Load Balancing Manager, set the priority ID of the new Online Responder to 1.
B.From Network Load Balancing Manager, set the priority ID of the new Online Responder to 32.
C.From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller.
D.From the Online Responder Management Console, select the new Online Responder, and then select Synchronize Members with Array Controller.
You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates.
Users are required to log on to the domain by using a smart card.
Your companys corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked.
An employee resigns.
You need to immediately prevent the employee from logging on to the domain. What should you do()
A.Revoke the employees smart card certificate.
B.Disable the employees Active Directory account.
C.Publish a new delta certificate revocation list (CRL).
D.Reset the password for the employees Active Directory account.
A.Run syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exams. 4 / 90
B.Run sigverif.exe and use the Advanced option.
C.Run certutil.exe and specify the -verify parameter.
D.Run certreq.exe and specify the -retrieve parameter.
You have a server named Server1 that has the following Active Directory Certificate Services (AD CS)
role services installed:
( Enterprise root certification authority (CA)
.Certificate Enrollment Web Service
.Certificate Enrollment Policy Web Service
You create a new certificate template.
External users report that the new template is unavailable when they request a new certificate. You verify that all other templates are available to the external users.
You need to ensure that the external users can request certificates by using the new template. What should you do on Server1()
A.Run iisreset.exe /restart.
B.Run gpupdate.exe /force.
C.Run certutil.exe dspublish.
D.Restart the Active Directory Certificate Services service.
our network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow sers from
The safer , easier way to help you pass any IT exams. 3 / 90
both forests to automatically enroll user certificates.
You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com
certification authority (CA).
What should you configure in the adatum.com domain()
A.From the Default Domain Controllers Policy, modify the Enterprise Trust settings.
B.From the Default Domain Controllers Policy, modify the Trusted Publishers settings.
C.From the Default Domain Policy, modify the Certificate Enrollment policy.
D.From the Default Domain Policy, modify the Trusted Root Certification Authority settings.
Your network contains an Active Directory domain.
You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).
You have a client computer named Computer1 that runs Windows 7.
You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates. Which command should you run on Computer1()
A.certreq.exe retrieve
B.certreq.exe submit
C.certutil.exe getkey
D.certutil.exe pulse
Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table.
You need to ensure that all device certificate requests use the MD5 hash algorithm. What should you do()
A.On Server2, run the Certutil tool.
B.On Server1, update the CEP Encryption certificate template.
C.On Server1, update the Exchange Enrollment Agent (Offline Request) template.
D.On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\ HashAlgorithm\HashAlgorithm registry key.
Certkiller .com has a server that runs on Windows Server 2008. The server also has an instance of Active Directory Lightweight Directory Services (AD LDS) running.
In order to test AD LDS, you need to replicate the AD LDS instance on a test computer located on the network.
What should you do to achieve this objective()
A.Execute AD LDS Setup wizard on the test computer to create and install a replica of AD LDS.
B.Execute repadmin/bs
C.Install and configure a new AD LDS instance on the test computer by copy and pasting the entire partition on the test computer
D.Execute the Dsmgmt command on the test computer and create a naming context
Certkiller .com has a main office and branch office in another city. You are assigned to deploy and implement a Read-only Domain Controller (RODC) at the branch office. You deploy a RODC that runs Windows Server 2008.
What should you do to ensure that the users at the branch office can log on to the domain using RODC()
A.Use Password Replication Policy on the RODC
B.Add RODC to the main office
C.Deploy and configure a new bridgehead server in the branch office
D.Deploy and configure a Password Replication Policy on the RODC in the main office
A.Open the Microsoft Management Console (MMC) and stop the Domain Controller service. After that,run the defrag tool
B.Start the domain controller in the Directory Service restore mode and run the Ntdsutil tool
C.Start the domain controller and then use the Defrag tool to start defragmentation
D.Open the MMC and stop the Domain Controller service. After that, run the Ntdsutil tool.
E.All of the above
最新试题
You remotely monitor several domain controllers. You run winrm.exe quickconfig on each domain controller. You need to create a WMI script query to retrieve information from the bios of each domain controller. Which format should you use to write the query()
What should you do()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
Your network contain 10 domain controller that run Windows Server R2. The network contain a member server that is configured to collect all of events that occur on the domain controllers. Your need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achive the goal by using the minimum amount effort. What should you do()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify()
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory. What should you do()