Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your
company uses an Enterprise Root certificate authority (CA).
You need to ensure that revoked certificate information is highly available.
What should you do()
A.Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
B.Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
C.Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
D.Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
您可能感兴趣的试卷
你可能感兴趣的试题
Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2.
You need to create multiple password policies for users in your domain.
What should you do()
A.From the Active Directory Schema snap-in, create multiple class schema objects.
B.From the ADSI Edit snap-in, create multiple Password Setting objects.
C.From the Security Configuration Wizard, create multiple security policies.
D.From the Group Policy Management snap-in, create multiple Group Policy objects.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2.
Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires.
You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain.
What should you do()
A.Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
B.Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
C.Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.
D.Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2.
Your company runs an Enterprise Root certification authority (CA).
You need to ensure that only administrators can sign code.
Which two task should you perform()
A.Publish the code signing template.
B.Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only administrators to apply the policy.
C.Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.
D.Modify the security settings on the template to allow only administrators to request code signing certificates.
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.
Server1 is configured as an enterprise root certification authority (CA).
You install the Online Responder role service on Server2.
You need to configure Server1 to support the Online Responder.
What should you do()
A.Import the enterprise root CA certificate.
B.Configure the Certificate Revocation List Distribution Point extension.
C.Configure the Authority Information Access (AIA) extension.
D.Add the Server2 computer account to the CertPublishers group.
Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server.
You need to audit changes to the CA configuration settings and the CA security settings.
Which two tasks should you perform()
A.Configure auditing in the Certification Authority snap-in.
B. Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv directory.
C.Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D.Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services (AD CS) server.
You have a Windows Server 2008 R2 Enterprise Root CA.
Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA.
You need to allow users to request certificates from a Web interface. You install the Active Directory Certificate Services (AD CS) server role.
What should you do next()
A.Configure the Online Responder Role Service on a member server.
B.Configure the Online Responder Role Service on a domain controller.
C.Configure the Certificate Enrollment Web Service role service on a member server.
D.Configure the Certificate Enrollment Web Service role service on a domain controller.
You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role
installed.
You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL).
What should you do()
A.Install and configure an Online Responder.
B.Install and configure an additional domain controller.
C.Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.
Your company has an Active Directory forest. You plan to install an Enterprise certification authority (CA) on a dedicated stand-alone server.
When you attempt to add the Active Directory Certificate Services (AD CS) server role, you find that the Enterprise CA option is not available.
You need to install the AD CS server role as an Enterprise CA.
What should you do first()
A.Add the DNS Server server role.
B.Join the server to the domain.
C.Add the Web Server (IIS) server role and the AD CS server role
D.Add the Active Directory Lightweight Directory Services (AD LDS) server role. .
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to capture all replication errors from all domain controllers to a central location. What should you do()
A.Configure event log subscriptions.
B.Start the System Performance data collector set.
C.Start the Active Directory Diagnostics data collector set.
D.Install Network Monitor and create a new capture.
Your network consists of a single Active Directory domain. All domain controllers run Windows
Server 2008 R2.
You need to identify the Lightweight Directory Access Protocol (LDAP) clients that are using the largest amount of available CPU resources on a domain controller.
What should you do()
A.Review performance data in Resource Monitor.
B.Review the Hardware Events log in the Event Viewer.
C.Run the LAN Diagnostics Data Collector Set. Review the LAN Diagnostics report.
D.Run the Active Directory Diagnostics Data Collector Set. Review the Active Directory Diagnostics report.
最新试题
You need to compact an Active Directory database on a domain controller that runs windows Server 2008 R2. What should you do()
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()
Your network contains an Active Directory domain. A user named User1 takes a leave of absence for one year. You need to restrict access to the User1 user account while User1 is away. What should you do()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use()
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters. you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers.The servers are configure as shown in the following table. Server name Server roel Service Server1 Certification authority (CA) Server2 Certificate Enrollment Web Service Server3 Certificate Enrollment Policy Web Service You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. Which two actions should you perform()