网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do()
- A、Archive the private key on the server.
- B、Apply the Hisecdc security template to the domain controllers.
- C、Configure the certificate for automatic enrollment for the computers that store encrypted files.
- D、Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.
参考答案
更多 “Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do()A、Archive the private key on the server.B、Apply the Hisecdc security template to the domain controllers.C、Configure the certificate for automatic enrollment for the computers that store encrypted files.D、Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.” 相关考题
考题
Your network contains an Active Directory forest. The functional level of the forest is Windows Server 2008 R2.You plan to deploy DirectAccess.You need to configure the DNS servers on your network to support DirectAccess.What should you do?()A. Modify the GlobalQueryBlockList registry key and restart the DNS Server service.B. Modify the EnableGlobalNamesSupport registry key and restart the DNS Server service.C. Create a trust anchor that uses a certificate issued by an internal certification authority (CA).D. Create a trust anchor that uses a certificate issued by a publicly trusted certification authority (CA).
考题
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two tasks should you perform()A、Publish the code signing template.B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only admiC、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.D、Modify the security settings on the template to allow only administrators to request code signing certificates.
考题
Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2. You need to ensure users are able to enroll new certificates. What should you do()A、Renew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing CB、Renew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in thC、Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.D、Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.
考题
Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort. What do you do first()A、Initialize the Trusted Platform Module (TPM)B、Upgrade the menber server to Windows Server 2008 R2 Standard.C、Install the Certificate Enrollment Policy Web Service role service on the member server.D、Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services - Certification
考题
Your company has an Active Directory domain. All servers run Windows Server 2008. You deploy a Certification Authority (CA) server. You create a new global security group named CertIssuers. You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates. What should you do()A、Assign the Certificate Manager role to the CertIssuers group.B、Place CertIssuers group in the Certificate Publisher groupC、Run the certsrv -add CertIssuers command promt of the certificate serverD、Run the add -member-membertype memberset CertIssuers command by using Microsoft WindowsPowershell
考题
You have an enterprise root certification authority (CA) that runs Windows Server 2008 R2. You need to ensure that you can recover the private key of a certificate issued to a Web server. What should you do()A、From the ca, run the Get-PfxCertificate cmdlet.B、From the Web server, run the Get-PfxCertificate cmdlet.C、From the ca, run the certutil.exe tool and specify the -exportpfx parameter.D、From the Web server, run the certutil.exe tool and specify the -exportpfx parameter.
考题
Your company has an Active Directory domain. AlI servers run Windows Server 2008. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do()A、Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.B、Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.C、Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).D、Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
考题
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()A、Add a data recovery agent to the Default Domain Policy.B、Modify the value in the Number of recovery agents to use box.C、Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.D、Assign the Issue and Manage Certificates permission to users who have the key recovery agent certificates.
考题
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
考题
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()A、Active Directory Administrative CenterB、Certification AuthorityC、Certificate TemplatesD、Group Policy Management
考题
Your network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed. External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: There is a problem with this Web sites security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority. You find that users onthe corporate network do not receive this error. You need to ensure that external users do not receive the warning message when connecting to Server1. What should you do?()A、In IIS Manager, enable the Enable client certificate mapping option.B、In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.C、In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.D、In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data (always).
考题
You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates. Users are required to log on to the domain by using a smart card. Your company’s corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked. An employee resigns. You need to immediately prevent the employee from logging on to the domain. What should you do()A、Revoke the employee’s smart card certificate.B、Disable the employee’s Active Directory account.C、Publish a new delta certificate revocation list (CRL).D、Reset the password for the employee’s Active Directory account.
考题
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two task should you perform()A、Publish the code signing template.B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only administrators to apply the policy.C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.D、Modify the security settings on the template to allow only administrators to request code signing certificates.
考题
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The network contains 100 servers and 5,000 client computers. The client computers run either Windows XP Service Pack 1 or Windows 7. You need to plan a VPN solution that meets the following requirements: èStores VPN passwords as encrypted text èSupports Suite B cryptographic algorithms èSupports automatic enrollment of certificates èSupports client computers that are configured as members of a workgroup What should you include in your plan?() A、Upgrade the client computers to Windows XP Service Pack 3. Implement a stand-alone certification authority (CA). Implement an IPsec VPN that uses certificate-based authentication.B、Upgrade the client computers to Windows XP Service Pack 3. Implement an enterprise certification authority (CA) that is based on Windows Server?2008 R2. Implement an IPsec VPN that uses Kerberos authentication.C、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses pre-shared keys.D、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses certificate-based authentication.
考题
You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain. Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA. You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort. What should you do? ()A、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll users for certificates.B、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll computers for certificates.C、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.D、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates.
考题
You are the network administrator for your company. The network consists of a single Active Directory domain. All domain controllers run Windows Server 2003. All client computers run Windows XP Professional. The company has legacy applications that run on UNIX servers. The legacy applications use the LDAP protocol to query Active Directory for employee information. The domain controllers are currently configured with the default security settings. You need to configure enhanced security for the domain controllers. In particular, you want to configure stronger password settings, audit settings, and lockout settings. You want to minimize interference with the proper functioning of the legacy applications. You decide to use the predefined security templates. You need to choose the appropriate predefined security template to apply to the domain controllers. What should you do?()A、 Apply the Setup security.inf template to the domain controllers.B、 Apply the DC security.inf template to the domain controllers.C、 Apply the Securedc.inf template to the domain controllers.D、 Apply the Rootsec.inf template to the domain controllers.
考题
You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements: - Allows the certification authority to automatically issue certificates - Integrates with Active Directory Domain Services What should you do()A、Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .B、Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .C、Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate SD、Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc
考题
You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003. You are planning a public key infrastructure (PKI). The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years. The validity period of a Basic EFS certificate is one year. In the Certificates Templates console, you attempt to change the validity period for the Basic EFS certificate template. However, the console does not allow you to change the value. You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files. What should you do? ()A、 Install an enterprise certification authority (CA) in each domain.B、 Assign the Domain Admins group the Allow - Full Control permission for the Basic EFS certificate template.C、 Create a duplicate of the Basic EFS certificate template. Enable the new template for issuing certificate authorities.D、 Instruct users to connect to the certification authority (CA) Web enrollment pages to request a Basic EFS certificate.
考题
单选题You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()A
Active Directory Administrative CenterB
Certification AuthorityC
Certificate TemplatesD
Group Policy Management
考题
单选题Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do()A
Archive the private key on the server.B
Apply the Hisecdc security template to the domain controllers.C
Configure the certificate for automatic enrollment for the computers that store encrypted files.D
Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.
考题
单选题Your company has an Active Directory domain. AlI servers run Windows Server 2008. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do()A
Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.B
Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.C
Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).D
Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
考题
单选题You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003. You are planning a public key infrastructure (PKI). The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years. The validity period of a Basic EFS certificate is one year. In the Certificates Templates console, you attempt to change the validity period for the Basic EFS certificate template. However, the console does not allow you to change the value. You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files. What should you do? ()A
Install an enterprise certification authority (CA) in each domain.B
Assign the Domain Admins group the Allow - Full Control permission for the Basic EFS certificate template.C
Create a duplicate of the Basic EFS certificate template. Enable the new template for issuing certificate authorities.D
Instruct users to connect to the certification authority (CA) Web enrollment pages to request a Basic EFS certificate.
考题
单选题Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()A
Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.B
Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.C
Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.D
Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
热门标签
最新试卷