You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an enterprise root certification authority (CA).
You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder.
What should you do()
A.Import the enterprise root CA certificate.
B.Configure the Certificate Revocation List Distribution Point extension.
C.Configure the Authority Information Access (AIA) extension.
D.Add the Server2 computer account to the CertPublishers group.
您可能感兴趣的试卷
你可能感兴趣的试题
You have a Windows Server 2008 R2 Enterprise Root certification authority (CA). You need to grant members of the Account Operators group the ability to only manage Basic EFS certificates.
You grant the Account Operators group the Issue and Manage Certificates permission on the CA .
Which three tasks should you perform next()
A.Enable the Restrict Enrollment Agents option on the CA .
B.Enable the Restrict Certificate Managers option on the CA .
C.Add the Basic EFS certificate template for the Account Operators group.
D.Grant the Account Operators group the Manage CA permission on the CA .
E.Remove all unnecessary certificate templates that are assigned to the Account Operators group.
Your company has an Active Directory domain.
You install an Enterprise Root certification authority (CA) on a member server named Server1. You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1.
What should you do()
A.Remove the Request Certificates permission from the Domain Users group.
B.Remove the Request Certificates permission from the Authenticated Users group.
C.Assign the Allow - Manage CA permission to only the Security Manager user account.
D.Assign the Allow - Issue and Manage Certificates permission to only the Security Manager user account.
Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings.
Which two tasks should you perform()
A.Configure auditing in the Certification Authority snap-in.
B.Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv dire
C.Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D.Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services
You have a Windows Server 2008 R2 Enterprise Root CA . Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA .
You need to allow users to request certificates from a Web interface. You install the Active Directory Certificate Services (AD CS) server role.
What should you do next()
A.Configure the Online Responder Role Service on a member server.
B.Configure the Online Responder Role Service on a domain controller.
C.Configure the Certificate Enrollment Web Service role service on a member server.
D.Configure the Certificate Enrollment Web Service role service on a domain controller.
You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role installed.
You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL).
What should you do()
A.Install and configure an Online Responder.
B.Install and configure an additional domain controller.
C.Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.
Your company has an Active Directory forest. You plan to install an Enterprise certification authority (CA) on a dedicated stand-alone server.
When you attempt to add the Active Directory Certificate Services (AD CS) server role, you find that the Enterprise CA option is not available.
You need to install the AD CS server role as an Enterprise CA.
What should you do first()
A.Add the DNS Server server role.
B.Join the server to the domain.
C.Add the Web Server (IIS) server role and the AD CS server role.
D.Add the Active Directory Lightweight Directory Services (AD LDS) server role.
You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements:
- Allows the certification authority to automatically issue certificates - Integrates with Active Directory Domain Services
What should you do()
A.Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .
B.Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .
C.Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate S
D.Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to capture all replication errors from all domain controllers to a central location.
What should you do()
A.Configure event log subscriptions.
B.Start the System Performance data collector set.
C.Start the Active Directory Diagnostics data collector set.
D.Install Network Monitor and create a new capture.
Your network consists of a single Active Directory domain.? All domain controllers run Windows Server 2008 R2.
You need to identify the Lightweight Directory Access Protocol (LDAP) clients that are using the largest amount of available CPU resources on a domain controller.
What should you do()
A.Review performance data in Resource Monitor.
B.Review the Hardware Events log in the Event Viewer.
C.Run the LAN Diagnostics Data Collector Set. Review the LAN Diagnostics report.
D.Run the Active Directory Diagnostics Data Collector Set. Review the Active Directory Diagnostics report
You need to validate whether Active Directory successfully replicated between two domain controllers.
What should you do()
A.Run the DSget command.
B.Run the Dsquery command.
C.Run the RepAdmin command.
D.Run the Windows System Resource Manager.
最新试题
Your network contains an Active Directory domain that has two sites. You need to identify whether logon scripts are replicated to all domain controllers. Which folder should you verify()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
Your network contains an Active Directory domain controller named DC1. DDC1 runs Windows Server 2008 R2. You need to defragment the Active Directory database on DC1. The solution must minimize downtime on DC1. What should you do first()
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.You add a logoff script to an existing Group Policy object (GPO). You need to verify that each domain controller successfully replicates the updated group policy. Which two objects should you verify on each domain controller()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()