Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a many-to-one mapping.
You revoke a certificate issued to an external partner. You need to prevent the external partner from accessing the Web site.
What should you do()
A.Run certutil.exe -crl.
B.Run certutil.exe -delkey.
C.From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.
D.From Active Directory Users and Computers, modify the Contact object for the external partner.
您可能感兴趣的试卷
你可能感兴趣的试题
You add an Online Responder to an Online Responder Array. You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array.
What should you do()
A.From Network Load Balancing Manager, set the priority ID of the new Online Responder to 1.
B.From Network Load Balancing Manager, set the priority ID of the new Online Responder to 32.
C.From the Online Responder Management Console, select the new Online Responder, and then select Set as Array
D.From the Online Responder Management Console, select the new Online Responder, and then select Synchronize
You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates.
Users are required to log on to the domain by using a smart card. Your company’s corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked.
An employee resigns. You need to immediately prevent the employee from logging on to the domain.
What should you do()
A.Revoke the employee’s smart card certificate.
B.Disable the employee’s Active Directory account.
C.Publish a new delta certificate revocation list (CRL).
D.Reset the password for the employee’s Active Directory account.
Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid.
What should you do()
A.Run syskey.exe and use the Update option.
B.Run sigverif.exe and use the Advanced option.
C.Run certutil.exe and specify the -verify parameter.
D.Run certreq.exe and specify the -retrieve parameter.
You have a server named Server1 that has the following Active Directory Certificate Services (AD CS) role services installed:
-Enterprise root certification authority (CA) -Certificate Enrollment Web Service -Certificate Enrollment Policy Web Service
You create a new certificate template.
External users report that the new template is unavailable when they request a new certificate. You verify that all other templates are available to the external users.
You need to ensure that the external users can request certificates by using the new template.
What should you do on Server1()
A.Run iisreset.exe /restart.
B.Run gpupdate.exe /force.
C.Run certutil.exe -dspublish.
D.Restart the Active Directory Certificate Services service.
Your network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow users from both forests to automatically enroll user certificates.
You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com certification authority (CA).
What should you configure in the adatum.com domain()
A.From the Default Domain Controllers Policy, modify the Enterprise Trust settings.
B.From the Default Domain Controllers Policy, modify the Trusted Publishers settings.
C.From the Default Domain Policy, modify the Certificate Enrollment policy.
D.From the Default Domain Policy, modify the Trusted Root Certification Authority settings.
Your network contains an Active Directory domain.
You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).
You have a client computer named Computer1 that runs Windows 7. You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates.
Which command should you run on Computer1()
A.certreq.exe -retrieve
B.certreq.exe -submit
C.certutil.exe -getkey
D.certutil.exe -pulse
Your network contains an Active Directory domain. The relevant servers in the domain are configured as shown in the following table:
Server name Operating System Server role Server1 Windows 2008 Domain controller
Server2 Windows 2008 R2 Enterprise root certification authority (CA)
Server3 Windows 2008 R2 Network Device Enrollment Service (NDES)
You need to ensure that all device certificate requests use the MD5 hash algorithm.
What should you do()
A.On Server2, run the Certutil tool.
B.On Server1, update the CEP Encryption certificate template.
C.On Server1, update the Exchange Enrollment Agent (Offline Request) template.
D.On Server3, set the value of the HKLM\Software\Microsoft\Cryptography\MSCEP\HashAlgorithm\HashAlgorithm re
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008
Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA).
The relevant servers in the domain are configured as shown in the following table. Server name Operating system Server role
Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA
Server3 Windows Server 2008 R2
Web Server
You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate
Enrollment Web Service on the network.
What should you do()
A.Upgrade Server1 to Windows Server 2008 R2.
B.Upgrade Server2 to Windows Server 2008 R2.
C.Raise the functional level of the domain to Windows Server 2008.
D.Install the Windows Server 2008 R2 Active Directory Schema updates.
You have an enterprise subordinate certification authority (CA).
You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment.
You increase the template key length to 2,048 bits.
You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.
Which console should you use()
A.Active Directory Administrative Center
B.Certification Authority
C.Certificate Templates
D.Group Policy Management
You have an enterprise subordinate certification authority (CA).
You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console.
The certificate template is unavailable for Web enrollment.
You need to ensure that the certificate template is available on the Web enrollment pages.
What should you do()
A.Run certutil.exe pulse.
B.Run certutil.exe installcert.
C.Change the certificate template to a Version 2 certificate template.
D.On the certificate template, assign the Autoenroll permission to the users.
最新试题
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.You add a logoff script to an existing Group Policy object (GPO). You need to verify that each domain controller successfully replicates the updated group policy. Which two objects should you verify on each domain controller()
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()
You need to compact an Active Directory database on a domain controller that runs windows Server 2008 R2. What should you do()
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory. What should you do()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use()