Your network contains an Active Directory domain.
You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).
You have a client computer named Computer1 that runs Windows 7. You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates.
Which command should you run on Computer1()
A.certreq.exe -retrieve
B.certreq.exe -submit
C.certutil.exe -getkey
D.certutil.exe -pulse
您可能感兴趣的试卷
你可能感兴趣的试题
Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table:
Server name Operating System Server role Server1 Windows 2008 Domain controller
Server2 Windows 2008 R2 Enterprise root certification authority (CA)
Server3 Windows 2008 R2 Network Device Enrollment Service (NDES)
You need to ensure that all device certificate requests use the MD5 hash algorithm.
What should you do()
A.On Server2, run the Certutil tool.
B.On Server1, update the CEP Encryption certificate template.
C.On Server1, update the Exchange Enrollment Agent (Offline Request) template.
D.On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\HashAlgorithm\HashAlgorithm re
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008
Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA).
The relevant servers in the domain are configured as shown in the following table. Server name Operating system Server role
Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA
Server3 Windows Server 2008 R2
Web Server
You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate
Enrollment Web Service on the network.
What should you do()
A.Upgrade Server1 to Windows Server 2008 R2.
B.Upgrade Server2 to Windows Server 2008 R2.
C.Raise the functional level of the domain to Windows Server 2008.
D.Install the Windows Server 2008 R2 Active Directory Schema updates.
You have an enterprise subordinate certification authority (CA).
You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment.
You increase the template key length to 2,048 bits.
You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.
Which console should you use()
A.Active Directory Administrative Center
B.Certification Authority
C.Certificate Templates
D.Group Policy Management
You have an enterprise subordinate certification authority (CA).
You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console.
The certificate template is unavailable for Web enrollment.
You need to ensure that the certificate template is available on the Web enrollment pages.
What should you do()
A.Run certutil.exe pulse.
B.Run certutil.exe installcert.
C.Change the certificate template to a Version 2 certificate template.
D.On the certificate template, assign the Autoenroll permission to the users.
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template.
You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template.
Which two actions should you perform()
A.In a Group Policy object (GPO), configure the autoenrollment settings
B.In a Group Policy object (GPO), configure the Automatic Certificate Request Settings.
C.On the certificate template, assign the Read and Autoenroll permission to the Authenticated Users group.
D.On the certificate template, assign the Read, Enroll, and Autoenroll permission to the Domain Users group.
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module.
You need to back up Active Directory Certificate Services on the CA.
Which command should you run()
A.certutil.exe backup
B.certutil.exe backupdb
C.certutil.exe backupkey
D.certutil.exe store
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued.
The CA is configured to use two recovery agents.
You need to ensure that all of the recovery agent certificates can be used to recover all new private keys.
What should you do()
A.Add a data recovery agent to the Default Domain Policy.
B.Modify the value in the Number of recovery agents to use box.
C.Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.
D.Assign the Issue and Manage Certificates permission to users who have the key recovery agent certificates.
You have an enterprise subordinate certification authority (CA).
You have a group named Group1.
You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates.
What should you do()
A.Add Group1 to the local Administrators group.
B.Add Group1 to the Certificate Publishers group.
C.Assign the Manage CA permission to Group1.
D.Assign the Issue and Manage Certificates permission to Group1.
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA).
On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled.
You need to install an enterprise subordinate CA on the server.
What should you use to log on to the new server()
A.an account that is a member of the Certificate Publishers group in the child domain
B.an account that is a member of the Certificate Publishers group in the forest root domain
C.an account that is a member of the Schema Admins group in the forest root domain
D.an account that is a member of the Enterprise Admins group in the forest root domain
You install a standalone root certification authority (CA) on a server named Server1.
You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computers Trusted Root Certification Authorities store.
Which command should you run on Server1()
A.certreq.exe and specify the -accept parameter
B.certreq.exe and specify the -retrieve parameter
C.certutil.exe and specify the -dspublish parameter
D.certutil.exe and specify the -importcert parameter
最新试题
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
Your network contains a single Active Directory domain named contoso.com. An administrator accidentally deletes the _msdsc.contoso.com zone. You recreate the _msdsc.contoso.com zone. You need to ensure that the _msdsc.contoso.com zone contains all of the required DNS records. What should you do on each domain controller()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
Your network contains an Active Directory forest. The forest contains an Acitve Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the password of users in the remote site. What should you do()
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do()
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()