Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart.
You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.
What do you do first()
A.Initialize the Trusted Platform Module (TPM)
B.Upgrade the menber server to Windows Server 2008 R2 Standard.
C.Install the Certificate Enrollment Policy Web Service role service on the member server.
D.Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services - Certification
您可能感兴趣的试卷
你可能感兴趣的试题
Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers.The servers are configure as shown in the following table.
Server name Server roel Service
Server1 Certification authority (CA)
Server2 Certificate Enrollment Web Service Server3 Certificate Enrollment Policy Web Service
You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service.
Which two actions should you perform()
A.Configure the policy module setting.
B.Configure the issuance requeriments for the certificate templates.
C.Configure the Certificate Services Client - Certificate Enrollment Policy Group Policy setting.
D.Configure the delegation setting for the Certification Enrollment Web Service application pool account.
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication.
Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group.
Members of G_Marketing report that they cannot accesss the Marketing folder.
You need to ensure that the G_Marketing members can accesss the folder from the network.
What should you do()
A.From Windows Explorer, modify the NTFS permissions of the folder
B.From Windows Explorer, modify the share permissions of the folder
C.From Active Directory Users and Computers, modify the computer object for Server1
D.From Active Directory Users and Computers, modify the group object for G_Marketing
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory.
What should you do()
A.Create a file that contains the mobile phone numbers, and then run ldifde.exe
B.Create a fila that contains the mobile phone numbers, and then run csvde.exe
C.From Adsiedit, select the CN=Users container, and then mofify the properties of the container.
D.From Active Directory Users and Computers, select all of the users, and then modify the properties of the users.
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO).
You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers.
You need to ensure that the audit policy is applied to all member servers and all client computers.
What should you do()
A.Add a WMI filter to the Default Domain Policy GPO
B.Modify the security settings of the Default Domain Policy GPO
C.Configure a startup script that runs auditpol.exe on the member servers.
D.Configure a startup script that runs auditpol.exe on the domain controllers.
Your network contains an Active Directory domain controller named DC1. DDC1 runs Windows Server 2008 R2.
You need to defragment the Active Directory database on DC1. The solution must minimize downtime on DC1.
What should you do first()
A.At the command prompt, run net stop ntds.
B.At the command prompt, run net stop netlogon.
C.Restart DC1 in Safe Mode.
D.Restart DC1 in Directory Services Restore Mode (DSRM).
Your network contain 10 domain controller that run Windows Server R2.
The network contain a member server that is configured to collect all of events that occur on the domain controllers.
Your need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achive the goal by using the minimum amount effort.
What should you do()
A.From Event Viewer on the member server, create a subscription.
B.From Event Viewer on each domain controller, create a subscription.
C.From Event Viewer on the member server, run the Create Basic Task Wizard.
D.From Event Viewer on each domain controller,run the Create Basic Task Wizard.
Your network contains an Active Directory domain.
A user named User1 takes a leave of absence for one year.
You need to restrict access to the User1 user account while User1 is away.
What should you do()
A.From the Default Domain Policy, modify the account lockout settings.
B.From the Default Domain Controller Policy, modify the account lockout settings.
C.From the properties of the user account, modify the Account options.
D.From the properties of the user account, modify the Session settings.
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters.
you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long.
What should you do first()
A.Run the New-ADFineGrainedPasswordPolicy cmdlet.
B.Run the Add-ADFineGrainedPasswordPolicySubject cmdlet.
C.From the Default Domain Policy, modify the password policy.
D.From the Default Domain Controller Policy, modify the password policy.
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA).
The relevant servers in the domain are configured as shown in the following table:
Server name Operating system Server role
Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server
You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network.
What should you do()
A.Upgrade Server1 to Windows Server 2008 R2.
B.Upgrade Server2 to Windows Server 2008 R2.
C.Raise the functional level of the domain to Windows Server 2008.
D.Install the Windows Server 2008 R2 Active Directory Schema updates.
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment.
You increase the template key length to 2,048 bits.
You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template.
Which console should you use()
A.Active Directory Administrative Center
B.Certification Authority
C.Certificate Templates
D.Group Policy Management
最新试题
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort.What do you do first()
You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1. What should you do()
Your network contain 10 domain controller that run Windows Server R2. The network contain a member server that is configured to collect all of events that occur on the domain controllers. Your need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achive the goal by using the minimum amount effort. What should you do()
You have Active Directory Certificate Services (AD CS) deployed. You create a custom certificate template. You need to ensure that all of the users in the domain automatically enroll for a certificate based on the custom certificate template. Which two actions should you perform()
What should you do()
You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template. Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()