You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued.
The CA is configured to use two recovery agents.
You need to ensure that all of the recovery agent certificates can be used to recover all new private keys.
What should you do()
A.Add a data recovery agent to the Default Domain Policy.
B.Modify the value in the Number of recovery agents to use box.
C.Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.
D.Assign the Issue and Manage Certificates permission to users who have the key recovery agent certificates.
您可能感兴趣的试卷
你可能感兴趣的试题
You have an enterprise subordinate certification authority (CA).
You have a group named Group1.
You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates.
What should you do()
A.Add Group1 to the local Administrators group.
B.Add Group1 to the Certificate Publishers group.
C.Assign the Manage CA permission to Group1.
D.Assign the Issue and Manage Certificates permission to Group1.
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA).
On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled.
You need to install an enterprise subordinate CA on the server.
What should you use to log on to the new server()
A.an account that is a member of the Certificate Publishers group in the child domain
B.an account that is a member of the Certificate Publishers group in the forest root domain
C.an account that is a member of the Schema Admins group in the forest root domain
D.an account that is a member of the Enterprise Admins group in the forest root domain
You install a standalone root certification authority (CA) on a server named Server1.
You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computers Trusted Root Certification Authorities store.
Which command should you run on Server1()
A.certreq.exe and specify the -accept parameter
B.certreq.exe and specify the -retrieve parameter
C.certutil.exe and specify the -dspublish parameter
D.certutil.exe and specify the -importcert parameter
Your network contains an Active Directory domain that has two sites.
You need to identify whether logon scripts are replicated to all domain controllers.
Which folder should you verify()
A.GroupPolicy
B.NTDS
C.SoftwareDistribution
D.SYSVOL
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7.
You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription.
What should you do()
A.From Computer1, configure source-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
B.From Computer1, configure collector-initiated event subscriptions. From a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU), configure the Event Forwarding node.
C.From Computer1, configure source-initiated event subscriptions. Install a serverauthentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
D.From Computer1, configure collector-initiated event subscriptions. Install a server authentication certificate on Computer1. Implement autoenrollment for the Domain Controllers organizational unit (OU).
You need to receive an e-mail message whenever a domain user account is locked out.
Which tool should you use()
A.Active Directory Administrative Center
B.Event Viewer
C.Resource Monitor
D.Security Configuration Wizard
You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1.
What should you do()
A.Run the Active Directory Sizer tool.
B.Run the Active Directory Diagnostics data collector set.
C.From Windows Explorer, view the properties of the %systemroot%\ntds\ntds.dit file.
D.From Windows Explorer, view the properties of the %systemroot%\sysvol\domain folder.
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files.
Which tool should you use()
A.Dfsrdiag
B.Fsutil
C.Ntdsutil
D.Ntfrsutl
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers.
You need to monitor the replication of the group policy template files.
Which tool should you use()
A.Dfsrdiag
B.Fsutil
C.Ntdsutil
D.Ntfrsutl
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7.
From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list.
Which command should you run on each domain controller()
A.Wecutil.exe qc
B.Wevtutil.exe gli
C.Winrm.exe quickconfig
D.Winrshost.exe
最新试题
Your network contains an Active Directory domain. A user named User1 takes a leave of absence for one year. You need to restrict access to the User1 user account while User1 is away. What should you do()
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()
You need to compact an Active Directory database on a domain controller that runs windows Server 2008 R2. What should you do()
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do()
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()