Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2.  You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1.   You need

题目

Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2.  You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1.   You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP.   What should you recommend?()

  • A、Enable Network Access Protection (NAP) on the network.
  • B、Deploy the Root CA certificate to the external computers.
  • C、Implement the Remote Desktop Connection Broker role service.
  • D、Configure the firewall to allow inbound traffic on TCP Port 1723.
相似考题

1.Your network contains a server named Server1 that runs Windows Server 2008 R2. You plan to deploy DirectAccess on Server1.You need to configure Windows Firewall on Server1 to support DirectAccess connections.What should you allow from Windows Firewall on Server1?()A. ICMPv6 Echo RequestsB. ICMPv6 RedirectC. IGMPD. IPv6-Route

2. Your network contains a Network Policy and Access Services server named Server1. All certificates in theorganization are issued by an enterprise certification authority (CA) named Server2. You have a standalonecomputer named Computer1 that runs Windows 7. Computer1 has a VPN connection that connects toServer1 by using SSTP. You attempt to establish the VPN connection to Server1 and receive the followingerror message: A certificate chain processed, but terminated in a root certificate which is not trusted by thetrust provider. You need to ensure that you can successfully establish the VPN connection to Server1.  What should you do on Computer1?()A、Import the root certificate to the user s Trusted Publishers store.B、Import the root certificate to the computer s Trusted Root Certification Authorities store.C、Import the server certificate of Server1 to the user s Trusted Root Certification Authorities store.D、Import the server certificate of Server1 to the computer s Trusted Root Certification Authorities store.

3. Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA). You perform a complete backup of Server1 that includes the system state. Server1 fails. You install a new server named Server1. You need to recover the enterprise root CA. What should you do? ()A、Restore the system state backup.B、Restore the %systemroot%/system32/certsrv folder.C、From the Certificates snap-in, import the enterprise root CA certificate.D、From the Certificates snap-in, import the enterprise root CA certificate revocation list (CRL).

4.Your network contains one Active Directory domain. You have a member server named Server1 that runs Windows Server 2008. The server has the Routing and Remote Acecss role service installed. You implement Network Access Protection (NAP) for the domain. You need to configure the Point-to-Point (PPP) authentication method on Server1. Which autnetication method should you choose?()A、Challenge Handshake Authentication Protocol (CHAP)B、Extensible Authentication Protocol (EAP)C、Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)D、Password Authentication Protocol (PAP)

参考答案和解析
正确答案:B
更多“Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2.  You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1.   You need ”相关问题

  • 第1题:

    You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure (PKI) for the company. You want to deploy a certification authority (CA) on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue, approve, and revoke certificates to members of the Cert Administrators group.  What should you do?()

    • A、 Add the Cert Administrators group to the Cert Publishers group in the domain.
    • B、 Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.
    • C、 Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.
    • D、 Assign the Certificate Managers role to the Cert Administrators group.

    正确答案:D

  • 第2题:

    Your network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed. External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: There is a problem with this Web sites security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority. You find that users onthe corporate network do not receive this error. You need to ensure that external users do not receive the warning message when connecting to Server1.   What should you do?()

    • A、In IIS Manager, enable the Enable client certificate mapping option.
    • B、In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.
    • C、In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.
    • D、In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data (always).

    正确答案:B

  • 第3题:

    You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.   Server1 is configured as an enterprise root certification authority (CA).    You install the Online Responder role service on Server2.    You need to configure Server1 to support the Online Responder. What should you do()

    • A、Import the enterprise root CA certificate.
    • B、Configure the Certificate Revocation List Distribution Point extension.
    • C、Configure the Authority Information Access (AIA) extension.
    • D、Add the Server2 computer account to the CertPublishers group.

    正确答案:C

  • 第4题:

    You have a server named Server1 that runs Windows Server 2012 R2. You plan to create an image of Server1. You need to remove the source files for all server roles that are not installed on Server1. Which tool should you use?()

    • A、servermanagercmd.exe
    • B、imagex.exe
    • C、dism.exe
    • D、ocsetup.exe

    正确答案:C

  • 第5题:

    Your network contains a server named Server1 that runs Windows Server 2008 R2. You create  an Active Directory Lightweight Directory Services (AD LDS) instance on Server1.     You need to create an additional AD LDS application directory partition in the existing instance.     Which tool should you use()

    • A、Adaminstall
    • B、Dsadd
    • C、Dsmod
    • D、Ldp

    正确答案:D

  • 第6题:

    Your network consists of a single Active Directory domain. The domain contains a server named Server1. Server1 runs Windows Server 2003 Service Pack 2 (SP2).  You install Windows Support Tools on Server1. You need to view the IPSec settings applied to Server1.  What command should you run on Server1?()

    • A、Netstat–r IP
    • B、Netdiag/test:ipsec
    • C、Sc query policyagent
    • D、Netsh ipsec static show all

    正确答案:D

  • 第7题:

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2. You need to create 3-TB virtual hard disk (VHD) on Server1. Which tool should you use?()

    • A、File Server Resource Manager (FSRM)
    • B、New-StoragePool
    • C、Diskpart
    • D、Share and Storage Management

    正确答案:C

  • 第8题:

    You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement  a certification authority (CA) server that meets the following requirements:     - Allows the certification authority to automatically issue certificates  - Integrates with Active Directory Domain Services     What should you do()

    • A、Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .
    • B、Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .
    • C、Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate S
    • D、Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc

    正确答案:B

  • 第9题:

    You install a standalone root certification authority (CA) on a server named Server1.   You need to ensure that every computer in the forest has a copy of the root CA certificate  installed in the local computer’s Trusted Root Certification Authorities store.     Which command should you run on Server1()

    • A、certreq.exe and specify the -accept parameter
    • B、certreq.exe and specify the -retrieve parameter
    • C、certutil.exe and specify the -dspublish parameter
    • D、certutil.exe and specify the -importcert parameter

    正确答案:C

  • 第10题:

    单选题
    You have a server named Server1 that runs Windows Server 2012 R2. You plan to create an image of Server1. You need to remove the source files for all server roles that are not installed on Server1. Which tool should you use?()
    A

    servermanagercmd.exe

    B

    imagex.exe

    C

    dism.exe

    D

    ocsetup.exe


    正确答案: D
    解析: 暂无解析

  • 第11题:

    You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.  Server1 is configured as an Enterprise Root certification authority (CA). You install the Online  Responder role service on Server2.     You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root  CA.     Which two tasks should you perform()

    • A、Import the enterprise root CA certificate.
    • B、Import the OCSP Response Signing certificate.
    • C、Add the Server1 computer account to the CertPublishers group.
    • D、Set the Startup Type of the Certificate Propagation service to Automatic.

    正确答案:A,B

  • 第12题:

    Your network contains a server named Server1 that runs Windows Server 2008 R2. You plan to deploy DirectAccess on Server1.You need to configure Windows Firewall on Server1 to support DirectAccess connections.What should you allow from Windows Firewall on Server1?()

    • A、ICMPv6 Echo Requests
    • B、ICMPv6 Redirect
    • C、IGMP
    • D、IPv6-Route

    正确答案:A

  • 第13题:

    You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()

    • A、Import the enterprise root CA certificate.
    • B、Configure the Certificate Distribution Point (CDP) extension.
    • C、Configure the Authority Information Access (AIA) extension.
    • D、Add the Server2 computer account to the CertPublishers group.

    正确答案:C

  • 第14题:

    Your network contains an Active Directory domain named contoso.com. The domain contains an  application server named Server1. Server1 runs Windows Server 2012 R2. You have a client application named App1 that communicates to Server1 by using dynamic TCP ports. On Server1, a technician runs the following command: New-NetFirewallRule -DisplayName AllowDynamic -Direction Outbound -LocalPort 1024- 65535 -Protocol TCP Users report that they can no longer connect to Server1 by using Appl. You need to ensure that App1 can connect to Server1.  What should you run on Server1?()

    • A、Set-NetFirewallRule -DisplayName AllowDynamic -Action Allow
    • B、netsh advfirewall firewall set rule name=allowdynamic new action = allow
    • C、Set-NetFirewallRule -DisplayName AllowDynamic -Direction Inbound
    • D、netsh advfirewall firewall add rule name=allowdynamic action=allow

    正确答案:C

  • 第15题:

    Your network contains an Active Directory forest. All domain controllers run Windows Server  2008 Standard. The functional level of the domain is Windows Server 2003. You have a  certification authority (CA).   The relevant servers in the domain are configured as shown in the following table:     Server name  Operating system  Server role   Server1  Windows Server 2003  Enterprise root CA  Server2  Windows Server 2008  Enterprise subordinate CA  Server3  Windows Server 2008 R2  Web Server   You need to ensure that you can install the Active Directory Certificate Services (AD CS)  Certificate Enrollment Web Service on the network.     What should you do()

    • A、Upgrade Server1 to Windows Server 2008 R2.
    • B、Upgrade Server2 to Windows Server 2008 R2.
    • C、Raise the functional level of the domain to Windows Server 2008.
    • D、Install the Windows Server 2008 R2 Active Directory Schema updates.

    正确答案:D

  • 第16题:

    You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server2 to issue certificate revocation lists (CRL) for the enterprise root CA. Which two tasks should you perform()

    • A、Import the enterprise root CA certificate.
    • B、Import the OCSP Response Signing certificate.
    • C、Add the Server1 computer account to the CertPublishers group.
    • D、Set the Startup Type of the Certificate Propagation service to Automatic.

    正确答案:A,B

  • 第17题:

    Your network contains an Active Directory forest. All domain controllers run Windows Server 2008   Standard. The functional level of the domain is Windows Server 2003.  You have a certification authority (CA).   The relevant servers in the domain are configured as shown in the following table.  Server name  Operating system  Server role   Server1  Windows Server 2003  Enterprise root CA  Server2  Windows Server 2008  Enterprise subordinate CA    Server3  Windows Server 2008 R2    Web Server   You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate   Enrollment Web Service on the network.   What should you do()

    • A、Upgrade Server1 to Windows Server 2008 R2.
    • B、Upgrade Server2 to Windows Server 2008 R2.
    • C、Raise the functional level of the domain to Windows Server 2008.
    • D、Install the Windows Server 2008 R2 Active Directory Schema updates.

    正确答案:D

  • 第18题:

    Your network contains an Active Directory domain.     You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA).   You have a client computer named Computer1 that runs Windows 7. You enable automatic  certificate enrollment for all client computers that run Windows 7. You need to verify that the  Windows 7 client computers can automatically enroll for certificates.     Which command should you run on Computer1()

    • A、certreq.exe -retrieve
    • B、certreq.exe -submit
    • C、certutil.exe -getkey
    • D、certutil.exe -pulse

    正确答案:D

  • 第19题:

    单选题
    Your network contains one Active Directory domain. You have a member server named Server1 that runs Windows Server 2008 R2. The server has the Routing and Remote Access Services role service installed.You implement Network Access Protection (NAP) for the domain.You need to configure the Point-to-Point Protocol (PPP) authentication method on Server1. Which authentication method should you use?()
    A

    Challenge Handshake Authentication Protocol (CHAP)

    B

    Extensible Authentication Protocol (EAP)

    C

    Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

    D

    Password Authentication Protocol (PAP)


    正确答案: B
    解析: 暂无解析

  • 第20题:

    单选题
    Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2.  You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1.   You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP.   What should you recommend?()
    A

    Enable Network Access Protection (NAP) on the network.

    B

    Deploy the Root CA certificate to the external computers.

    C

    Implement the Remote Desktop Connection Broker role service.

    D

    Configure the firewall to allow inbound traffic on TCP Port 1723.


    正确答案: A
    解析: 暂无解析

相关内容