You deploy a new Active Directory Federation Services (AD FS) federation server.
You request new certificates for the AD FS federation server.
You need to ensure that the AD FS federation server can use the new certificates.
To which certificate store should you import the certificates()
A.Computer
B.IIS Admin Service service account
C.Local Administrator
D.World Wide Web Publishing Service service account
您可能感兴趣的试卷
你可能感兴趣的试题
You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a server named Server1.
You need to configure the Windows Firewall on Server1 to allow external users to authenticate by using AD FS.
Which inbound TCP port should you allow on Server1()
A.88
B.135
C.443
D.445
Your network contains a single Active Directory domain. The domain contains five read-only domain
controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008.
You plan to install a new RODC that runs Windows Server 2008 R2.
You need to ensure that you can add the new RODC to the domain. You want to achieve this goal by using the minimum amount of administrative effort.
Which two actions should you perform()
A.At the command prompt, run adprep.exe /rodcprep.
B.At the command prompt, run adprep.exe /forestprep.
C.At the command prompt, run adprep.exe /domainprep.
D.From Active Directory Domains and Trusts, raise the functional level of the domain.
E.From Active Directory Users and Computers, pre-stage the RODC computer account.
Your company has a main office and a branch office. The branch office has an Active Directory site that contains a read-only domain controller (RODC).
A user from the branch office reports that his account is locked out.
From a writable domain controller in the main office, you discover that the users account is not locked out.
You need to ensure that the user can log on to the domain.
What should you do()
A.Modify the Password Replication Policy.
B.Reset the password of the user account.
C.Run the Knowledge Consistency Checker (KCC) on the RODC.
D.Restore network communication between the branch office and the main office.
Your network contains an Active Directory domain named contoso.com.
The network has a branch office site that contains a read-only domain controller (RODC) named RODC1.
RODC1 runs Windows Server 2008 R2.
A user named User1 logs on to a computer in the branch office site.
You discover that the password of User1 is not stored on RODC1.
You need to ensure that User1’s password is stored on RODC1.
What should you modify()
A.the Member Of properties of RODC1
B.the Member Of properties of User1
C.the Security properties of RODC1
D.the Security properties of User1
Your company has a main office and a branch office. The network contains an Active Directory domain.
The main office contains a writable domain controller named DC1. The branch office contains a read-only domain controller (RODC) named DC2.
You discover that the password of an administrator named Admin1 is cached on DC2. You need to prevent Admin1s password from being cached on DC2.
What should you do()
A.Modify the NTDS Site Settings.
B.Modify the properties of the domain.
C.Create a Password Setting object (PSO).
D.Modify the properties of DC2s computer account.
Your network contains an Active Directory domain. The domain contains two sites named Site1 and Site2. Site1 contains four domain controllers. Site2 contains a read-only domain controller (RODC).
You add a user named User1 to the Allowed RODC Password Replication Group.
The WAN link between Site1 and Site2 fails.
User1 restarts his computer and reports that he is unable to log on to the domain.
The WAN link is restored and User1 reports that he is able to log on to the domain. You need to prevent the problem from reoccurring if the WAN link fails.
What should you do()
A.Create a Password Settings object (PSO) and link the PSO to User1’s user account.
B.Create a Password Settings object (PSO) and link the PSO to the Domain Users group.
C.Add the computer account of the RODC to the Allowed RODC Password Replication Group.
D.Add the computer account of User1’s computer to the Allowed RODC Password Replication Group.
You install a read-only domain controller (RODC) named RODC1.
You need to ensure that a user named User1 can administer RODC1. The solution must minimize the number of permissions assigned to User1.
Which tool should you use()
A.Active Directory Administrative Center
B.Active Directory Users and Computers
C.Dsadd
D.Dsmgmt
Your company has a main office and a branch office. The branch office contains a read-only domain controller named RODC1.
You need to ensure that a user named Admin1 can install updates on RODC1. The solution must prevent Admin1 from logging on to other domain controllers.
What should you do()
A.Run ntdsutil.exe and use the Roles option.
B.Run dsmgmt.exe and use the Local Roles option.
C.From Active Directory Sites and Services, modify the NTDS Site Settings.
D.From Active Directory Users and Computers, add the user to the Server Operators group.
Your network contains an Active Directory Rights Management Services (AD RMS) cluster.
You have several custom policy templates. The custom policy templates are updated frequently.
Some users report that it takes as many as 30 days to receive the updated policy templates.
You need to ensure that users receive the updated custom policy templates within seven days.
What should you do()
A.Modify the registry on the AD RMS servers.
B.Modify the registry on the users computers.
C.Change the schedule of the AD RMS Rights Policy Template Management (Manual) scheduled task.
D.Change the schedule of the AD RMS Rights Policy Template Management (Automated) scheduled task.
Your network contains a server named Server1. The Active Directory Rights Management Services (AD RMS) server role is installed on Server1.
An administrator changes the password of the user account that is used by AD RMS. You need to update AD RMS to use the new password.
Which console should you use()
A.Active Directory Rights Management Services
B.Active Directory Users and Computers
C.Component Services
D.Services
最新试题
You remotely monitor several domain controllers. You run winrm.exe quickconfig on each domain controller. You need to create a WMI script query to retrieve information from the bios of each domain controller. Which format should you use to write the query()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory. What should you do()
What should you do()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
Your network contains an Active Directory domain. A user named User1 takes a leave of absence for one year. You need to restrict access to the User1 user account while User1 is away. What should you do()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()