考题
You need to design an authentication solution for wireless network access. Your solution must meet business and technical requirements. Which two actions should you perform?()A、Deploy an offline enterprise root CA in the corp.woodgrovebank.com domain. Deploy subordinate enterprise root CAs in each child domain. Install Internet Authentication Service (IAS) on one member server in the la.corp.woodgrovebank.com domain and one member server in the den.corp.woodgrovebank.com domainB、Deploy an enterprise root CA in each domain. Install Internet Authentication Service (IAS) on a member server in the corp.woodgrovebank.com domain. Install the Routing and Remote Access service on a member server in each child domain, and configure these servers as RADIUS clientsC、Enroll and deploy user certificates to all administrators in each domain. Enroll and deploy computer certificates to all portable computers that have wireless network adapters. Configure each portable computer to use Protected EAP (PEAP) for authenticationD、Enroll and deploy computer certificates to all portable computers that have wireless network adapters. Configure each portable computer to use EAP-MS-CHAP v2 for authentication. Configure each portable computer to connect to the Internet Authentication Service (IAS) server
考题
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()A、an account that is a member of the Certificate Publishers group in the child domainB、an account that is a member of the Certificate Publishers group in the forest root domainC、an account that is a member of the Schema Admins group in the forest root domainD、an account that is a member of the Enterprise Admins group in the forest root domain
考题
Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do()A、Archive the private key on the server.B、Apply the Hisecdc security template to the domain controllers.C、Configure the certificate for automatic enrollment for the computers that store encrypted files.D、Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.
考题
Your company has an Active Directory domain. You plan to install the Active Directory Certificate Services (AD CS) server role on a member server that runs Windows Server 2008 R2. You need to ensure that members of the Account Operators group are able to issue smartcard credentials. They should not be able to revoke certificates. Which three actions should you perform()A、Install the AD CS server role and configure it as an Enterprise Root CA .B、Install the AD CS server role and configure it as a Standalone CA .C、Restrict enrollment agents for the Smartcard logon certificate to the Account Operator group.D、Restrict certificate managers for the Smartcard logon certificate to the Account Operator group.E、Create a Smartcard logon certificate.F、Create an Enrollment Agent certificate.
考题
You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role installed. You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL). What should you do()A、Install and configure an Online Responder.B、Install and configure an additional domain controller.C、Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.D、Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.
考题
You need to design phase one of the new authentication strategy. Your solution must meet business requirements.What should you do?()A、Install a Windows Server 2003 enterprise root CA, Configure certificate templates for autoenrollmentB、Install a Windows Server 2003 enterprise subordinate CA, Configure certificate templates for autoenrollmentC、Install a Windows Server 2003 stand-alone subordinate CA, Write a logon script for the client computers in the HR department that contains the Certreq.execommandD、Install a Windows Server 2003 stand-alone root CA,Write a logon script for the client computers in the HR department that contains the Certreq.execommand
考题
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
考题
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA). You perform a complete backup of Server1 that includes the system state. Server1 fails. You install a new server named Server1. You need to recover the enterprise root CA. What should you do? ()A、Restore the system state backup.B、Restore the %systemroot%/system32/certsrv folder.C、From the Certificates snap-in, import the enterprise root CA certificate.D、From the Certificates snap-in, import the enterprise root CA certificate revocation list (CRL).
考题
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA. Which two tasks should you perform()A、Import the enterprise root CA certificate.B、Import the OCSP Response Signing certificate.C、Add the Server1 computer account to the CertPublishers group.D、Set the Startup Type of the Certificate Propagation service to Automatic.
考题
You need to design an authentication solution for the wireless network. Your solution must meet the security requirements. What should you do?()A、Create wireless VPNs using L2TP/IPSec between the client computers to the wireless access pointB、Configure IEEE 802.1x authentication with smart cardsC、Configure the wireless network to use Wired Equivalent Privacy (WEP)D、Install and configure an Internet Authentication Service (IAS) server
考题
You are designing an authentication solution to meet the security needs of the network administrators. You install an enterprise certification authority (CA). Which three additional actions should you take?()A、Enroll each administrative account for a smart card authentication certificate.B、Configure autoenrollment for computer authentication certificates. C、Install a smart card reader on each server computer. D、Install a smart card reader on each network administrator’s computer. E、Configure each administrative account to require a smart card for interactive logon.F、Configure the Default Domain Policy GPO to require smart cards for interactive login.
考题
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()A、Import the enterprise root CA certificate.B、Configure the Certificate Revocation List Distribution Point extension.C、Configure the Authority Information Access (AIA) extension.D、Add the Server2 computer account to the CertPublishers group.
考题
You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()A、Import the enterprise root CA certificate.B、Configure the Certificate Distribution Point (CDP) extension.C、Configure the Authority Information Access (AIA) extension.D、Add the Server2 computer account to the CertPublishers group.
考题
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()A、Upgrade Server1 to Windows Server 2008 R2.B、Upgrade Server2 to Windows Server 2008 R2.C、Raise the functional level of the domain to Windows Server 2008.D、Install the Windows Server 2008 R2 Active Directory Schema updates.
考题
You have a Windows Server 2008 that has the Active Directory Certificate Services server role installed. You need to minimize the amount of time it takes to download a certificate revocation list (CRL). What should you do()A、Install and configure an Online Responder.B、Install and configure an addtional domain controller.C、Import the Root CA certificate into the Trusted Root Certification Authorities on all client workstations.D、Import the Issuing CA certificate into the Trusted Root Certification Authorities on all client workstations.
考题
You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements: - Allows the certification authority to automatically issue certificates - Integrates with Active Directory Domain Services What should you do()A、Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .B、Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .C、Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate SD、Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc
考题
You need to design a security solution for WEB1. Your solution must address the chief information officer’s concerns. What should you do?()A、Enable Web distributed Authoring and Versioning (WebDAV) components on WEB1B、Install and configure the URLScan ISAPI filter on WEB1C、Install a computer certificate on WEB1, and enable the Server (Request Security) IPSec policy on WEB1D、Configure the Web site redirection option on the properties of WEB1 in the Internet Service Manager console
考题
You are the domain administrator for TestKing's Active Directory domain named All client computers run Windows XP Professional. You need to implement a solution for managing security updates on client computers. You plan to use a Windows Server 2003 computer to manage security updates. Your solution for managing security updates must meet the following requirements: 1. You must not purchase additional software or licences. 2. Security updates must be installed automatically. 3. You must be able to control which updates are available to install. 4. Security updates must synchronize automatically with the latest updates offered by Microsoft. You need to implement a solution for managing security updates that meets the requirements. What should you do?()A、Publish the security updates by using a Group Policy object (GPO). Assign the GPO to the client computers that require updatesB、Install Software Update Services (SUS). Configure the SUS software to synchronize daily with Microsoft. Use Group Policy to configure the appropriate Windows Update settings on the client computers.C、Install Microsoft Internet Security and Acceleration (ISA) Server on a Windows Server 2003 computer.D、Create a process to run Windows Update on all client computers.
考题
You need to design a security solution for the internally developed Web applications that meets business requirements. What should you do?()A、Install and configure a stand-alone root certification authorative (CA) that is trusted by all company client computers. Issue encryption certificates to all developersB、Install and configure root certification authority (CA) that is trusted by all company client computers. Issue code-signing certificates to all developersC、Purchase a root certification from a trusted commercial certification authority (CA). Install the root certificated on all developers’ computersD、Purchase a code-signing certificate from a trusted commercial certification authority (CA). Install the certificate on all company client computers
考题
You need to design an authentication strategy for users of portable computers. Your solution must meet business requirements. What should you do?()A、Issue smart cards and smart card readers to all portable computer users. Configure the domain to require smart cards for login and to log off users who remote their smart cardsB、Configure the portable computers to connect to only wireless networks that use Wired Equivalent Privacy (WEP). Install digital certificates on all portable computersC、Install computer certificates on all portable computers. Configure all portable computers to respond to requests for IPSec encryptionD、Install biometric authentication devices on all portable computers. Configure the Default Domain Policy GPO to require complex passwords for all users
考题
单选题You need to design a security solution for the internally developed Web applications that meets business requirements. What should you do?()A
Install and configure a stand-alone root certification authorative (CA) that is trusted by all company client computers. Issue encryption certificates to all developersB
Install and configure root certification authority (CA) that is trusted by all company client computers. Issue code-signing certificates to all developersC
Purchase a root certification from a trusted commercial certification authority (CA). Install the root certificated on all developers’ computersD
Purchase a code-signing certificate from a trusted commercial certification authority (CA). Install the certificate on all company client computers
考题
单选题Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()A
an account that is a member of the Certificate Publishers group in the child domainB
an account that is a member of the Certificate Publishers group in the forest root domainC
an account that is a member of the Schema Admins group in the forest root domainD
an account that is a member of the Enterprise Admins group in the forest root domain
考题
单选题You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()A
Import the enterprise root CA certificate.B
Configure the Certificate Distribution Point (CDP) extension.C
Configure the Authority Information Access (AIA) extension.D
Add the Server2 computer account to the CertPublishers group.
考题
单选题You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()A
Import the enterprise root CA certificate.B
Configure the Certificate Revocation List Distribution Point extension.C
Configure the Authority Information Access (AIA) extension.D
Add the Server2 computer account to the CertPublishers group.
考题
单选题Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA). You perform a complete backup of Server1 that includes the system state. Server1 fails. You install a new server named Server1. You need to recover the enterprise root CA. What should you do? ()A
Restore the system state backup.B
Restore the %systemroot%/system32/certsrv folder.C
From the Certificates snap-in, import the enterprise root CA certificate.D
From the Certificates snap-in, import the enterprise root CA certificate revocation list (CRL)
考题
单选题You need to design phase one of the new authentication strategy. Your solution must meet business requirements.What should you do?()A
Install a Windows Server 2003 enterprise root CA, Configure certificate templates for autoenrollmentB
Install a Windows Server 2003 enterprise subordinate CA, Configure certificate templates for autoenrollmentC
Install a Windows Server 2003 stand-alone subordinate CA, Write a logon script for the client computers in the HR department that contains the Certreq.execommandD
Install a Windows Server 2003 stand-alone root CA,Write a logon script for the client computers in the HR department that contains the Certreq.execommand
考题
单选题You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements: - Allows the certification authority to automatically issue certificates - Integrates with Active Directory Domain Services What should you do()A
Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .B
Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .C
Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate SD
Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc
考题
单选题Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()A
Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.B
Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.C
Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.D
Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.