You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2.
You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA.
Which two tasks should you perform()
A.Import the enterprise root CA certificate.
B.Import the OCSP Response Signing certificate.
C.Add the Server1 computer account to the CertPublishers group.
D.Set the Startup Type of the Certificate Propagation service to Automatic.
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2.
You need to ensure users are able to enroll new certificates.
What should you do()
A.Renew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing C
B.Renew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in th
C.Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2.
Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available.
What should you do()
A.Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
B.Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration S
C.Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
D.Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2.
You need to create multiple password policies for users in your domain.
What should you do()
A.From the Active Directory Schema snap-in, create multiple class schema objects.
B.From the ADSI Edit snap-in, create multiple Password Setting objects.
C.From the Security Configuration Wizard, create multiple security policies.
D.From the Group Policy Management snap-in, create multiple Group Policy objects.
Your company has an Active Directory domain.
You plan to install the Active Directory Certificate Services (AD CS) server role on a member server that runs Windows Server 2008 R2.
You need to ensure that members of the Account Operators group are able to issue smartcard credentials. They should not be able to revoke certificates.
Which three actions should you perform()
A.Install the AD CS server role and configure it as an Enterprise Root CA .
B.Install the AD CS server role and configure it as a Standalone CA .
C.Restrict enrollment agents for the Smartcard logon certificate to the Account Operator group.
D.Restrict certificate managers for the Smartcard logon certificate to the Account Operator group.
E.Create a Smartcard logon certificate.
F.Create an Enrollment Agent certificate.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA.
The Enterprise Intermediate CA certificate expires.
You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain.
What should you do()
A.Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
B.Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
C.Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy ob
D.Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company runs an Enterprise Root certification authority (CA).
You need to ensure that only administrators can sign code.
Which two tasks should you perform()
A.Publish the code signing template.
B.Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only admi
C.Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.
D.Modify the security settings on the template to allow only administrators to request code signing certificates.
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an enterprise root certification authority (CA).
You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder.
What should you do()
A.Import the enterprise root CA certificate.
B.Configure the Certificate Revocation List Distribution Point extension.
C.Configure the Authority Information Access (AIA) extension.
D.Add the Server2 computer account to the CertPublishers group.
You have a Windows Server 2008 R2 Enterprise Root certification authority (CA). You need to grant members of the Account Operators group the ability to only manage Basic EFS certificates.
You grant the Account Operators group the Issue and Manage Certificates permission on the CA .
Which three tasks should you perform next()
A.Enable the Restrict Enrollment Agents option on the CA .
B.Enable the Restrict Certificate Managers option on the CA .
C.Add the Basic EFS certificate template for the Account Operators group.
D.Grant the Account Operators group the Manage CA permission on the CA .
E.Remove all unnecessary certificate templates that are assigned to the Account Operators group.
Your company has an Active Directory domain.
You install an Enterprise Root certification authority (CA) on a member server named Server1. You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1.
What should you do()
A.Remove the Request Certificates permission from the Domain Users group.
B.Remove the Request Certificates permission from the Authenticated Users group.
C.Assign the Allow - Manage CA permission to only the Security Manager user account.
D.Assign the Allow - Issue and Manage Certificates permission to only the Security Manager user account.
Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings.
Which two tasks should you perform()
A.Configure auditing in the Certification Authority snap-in.
B.Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv dire
C.Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D.Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services
最新试题
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
Your network contains an Active Directory domain named contoso.com. You have a management computer named Computer1 that runs Windows 7. You need to forward the logon events of all the domain controllers in contoso.com to Computer1. All new domain controllers must be dynamically added to the subscription. What should you do()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
What should you do()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
Your network contains an Active Directory domain controller named DC1. DDC1 runs Windows Server 2008 R2. You need to defragment the Active Directory database on DC1. The solution must minimize downtime on DC1. What should you do first()
You have an enterprise subordinate certification authority (CA). You have a group named Group1. You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1 must not be allowed to revoke certificates. What should you do()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()