Your company has two domain controllers that are configured as internal DNS servers. All zones on The safer , easier way to help you pass any IT exams. 6 / 90
the DNS servers are Active Directory-integrated zones. The zones allow all dynamic updates.
You discover that the contoso.com zone has multiple entries for the host names of computers that do not exist.
You need to configure the contoso.com zone to automatically remove expired records. What should you do()
A.Enable only secure updates on the contoso.com zone.
B.Enable scavenging and configure the refresh interval on the contoso.com zone.
C.From the Start of Authority tab, decrease the default refresh interval on the contoso.com zone.
D.From the Start of Authority tab, increase the default expiration interval on the contoso.com zone.
您可能感兴趣的试卷
你可能感兴趣的试题
Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.
The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office.
DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.
You install a new domain controller named DC2 in the branch office. You install DNS on DC2.
You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.
What should you do()
A.Create a new stub zone named ad.contoso.com on DC2.
B.Configure the DNS server on DC2 to forward requests to DC1.
C.Create a new secondary zone named ad.contoso.com on DC2.
D.Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
Your network contains a server that runs Windows Server 2008 R2. The server is configured as an
enterprise root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a
many-to-one mapping.
You revoke a certificate issued to an external partner.
You need to prevent the external partner from accessing the Web site. What should you do()
A.Run certutil.exe -crl.
B.Run certutil.exe -delkey.
C.From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.
D.From Active Directory Users and Computers, modify the Contact object for the external partner.
You add an Online Responder to an Online Responder Array.
You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array.
What should you do()
A.From Network Load Balancing Manager, set the priority ID of the new Online Responder to 1.
B.From Network Load Balancing Manager, set the priority ID of the new Online Responder to 32.
C.From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller.
D.From the Online Responder Management Console, select the new Online Responder, and then select Synchronize Members with Array Controller.
You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates.
Users are required to log on to the domain by using a smart card.
Your companys corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked.
An employee resigns.
You need to immediately prevent the employee from logging on to the domain. What should you do()
A.Revoke the employees smart card certificate.
B.Disable the employees Active Directory account.
C.Publish a new delta certificate revocation list (CRL).
D.Reset the password for the employees Active Directory account.
A.Run syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exams. 4 / 90
B.Run sigverif.exe and use the Advanced option.
C.Run certutil.exe and specify the -verify parameter.
D.Run certreq.exe and specify the -retrieve parameter.
You have a server named Server1 that has the following Active Directory Certificate Services (AD CS)
role services installed:
( Enterprise root certification authority (CA)
.Certificate Enrollment Web Service
.Certificate Enrollment Policy Web Service
You create a new certificate template.
External users report that the new template is unavailable when they request a new certificate. You verify that all other templates are available to the external users.
You need to ensure that the external users can request certificates by using the new template. What should you do on Server1()
A.Run iisreset.exe /restart.
B.Run gpupdate.exe /force.
C.Run certutil.exe dspublish.
D.Restart the Active Directory Certificate Services service.
our network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow sers from
The safer , easier way to help you pass any IT exams. 3 / 90
both forests to automatically enroll user certificates.
You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com
certification authority (CA).
What should you configure in the adatum.com domain()
A.From the Default Domain Controllers Policy, modify the Enterprise Trust settings.
B.From the Default Domain Controllers Policy, modify the Trusted Publishers settings.
C.From the Default Domain Policy, modify the Certificate Enrollment policy.
D.From the Default Domain Policy, modify the Trusted Root Certification Authority settings.
Your network contains an Active Directory domain.
You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).
You have a client computer named Computer1 that runs Windows 7.
You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates. Which command should you run on Computer1()
A.certreq.exe retrieve
B.certreq.exe submit
C.certutil.exe getkey
D.certutil.exe pulse
Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table.
You need to ensure that all device certificate requests use the MD5 hash algorithm. What should you do()
A.On Server2, run the Certutil tool.
B.On Server1, update the CEP Encryption certificate template.
C.On Server1, update the Exchange Enrollment Agent (Offline Request) template.
D.On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\ HashAlgorithm\HashAlgorithm registry key.
Certkiller .com has a server that runs on Windows Server 2008. The server also has an instance of Active Directory Lightweight Directory Services (AD LDS) running.
In order to test AD LDS, you need to replicate the AD LDS instance on a test computer located on the network.
What should you do to achieve this objective()
A.Execute AD LDS Setup wizard on the test computer to create and install a replica of AD LDS.
B.Execute repadmin/bs
C.Install and configure a new AD LDS instance on the test computer by copy and pasting the entire partition on the test computer
D.Execute the Dsmgmt command on the test computer and create a naming context
最新试题
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters. you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first()
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do()
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify()
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()
You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1. What should you do()