Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server.
You need to audit changes to the CA configuration settings and the CA security settings.
Which two tasks should you perform()
A.Configure auditing in the Certification Authority snap-in.
B. Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv directory.
C.Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D.Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services (AD CS) server.
您可能感兴趣的试卷
你可能感兴趣的试题
You have a Windows Server 2008 R2 Enterprise Root CA.
Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA.
You need to allow users to request certificates from a Web interface. You install the Active Directory Certificate Services (AD CS) server role.
What should you do next()
A.Configure the Online Responder Role Service on a member server.
B.Configure the Online Responder Role Service on a domain controller.
C.Configure the Certificate Enrollment Web Service role service on a member server.
D.Configure the Certificate Enrollment Web Service role service on a domain controller.
You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role
installed.
You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL).
What should you do()
A.Install and configure an Online Responder.
B.Install and configure an additional domain controller.
C.Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.
Your company has an Active Directory forest. You plan to install an Enterprise certification authority (CA) on a dedicated stand-alone server.
When you attempt to add the Active Directory Certificate Services (AD CS) server role, you find that the Enterprise CA option is not available.
You need to install the AD CS server role as an Enterprise CA.
What should you do first()
A.Add the DNS Server server role.
B.Join the server to the domain.
C.Add the Web Server (IIS) server role and the AD CS server role
D.Add the Active Directory Lightweight Directory Services (AD LDS) server role. .
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to capture all replication errors from all domain controllers to a central location. What should you do()
A.Configure event log subscriptions.
B.Start the System Performance data collector set.
C.Start the Active Directory Diagnostics data collector set.
D.Install Network Monitor and create a new capture.
Your network consists of a single Active Directory domain. All domain controllers run Windows
Server 2008 R2.
You need to identify the Lightweight Directory Access Protocol (LDAP) clients that are using the largest amount of available CPU resources on a domain controller.
What should you do()
A.Review performance data in Resource Monitor.
B.Review the Hardware Events log in the Event Viewer.
C.Run the LAN Diagnostics Data Collector Set. Review the LAN Diagnostics report.
D.Run the Active Directory Diagnostics Data Collector Set. Review the Active Directory Diagnostics report.
You need to validate whether Active Directory successfully replicated between two domain controllers.
What should you do()
A.Run the DSget command.
B.Run the Dsquery command.
C.Run the RepAdmin command.
D.Run the Windows System Resource Manager.
You create 200 new user accounts. The users are located in six different sites.
New users report that they receive the following error message when they try to log on: "The username or password is incorrect."
You confirm that the user accounts exist and are enabled. You also confirm that the user name and password information supplied are correct.
You need to identify the cause of the failure. You also need to ensure that the new users are able to log on.
Which utility should you run()
A.Rsdiag
B.Rstools
C.Repadmin
D.Active Directory Domains and Trusts
You need to identify all failed logon attempts on the domain controllers.
What should you do()
A.Run Event Viewer.
B.View the Netlogon.log file.
C.Run the Security Configuration Wizard.
D.iew the Security tab on the domain controller computer object.
A.Start the domain controller in the Directory Services restore mode. Run the Defrag utility.
B.Start the domain controller in the Directory Services restore mode. Run the Ntdsutil utility.
C.Stop the Domain Controller service in the Services (local) Microsoft Management Console (MMC). Run the Defrag utility.
D.Stop the Domain Controller service in the Services (local) Microsoft Management Console (MMC). Run the Ntdsutil utility.
You network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller. What tool should you use()
A.dsmod
B.ntdsutil
C.Local Users and Groups snap-in
D.Active Directory Users and Computers snap-in
最新试题
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()
Your network contains an Active Directory domain controller named DC1. DDC1 runs Windows Server 2008 R2. You need to defragment the Active Directory database on DC1. The solution must minimize downtime on DC1. What should you do first()
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()