You have an enterprise subordinate certification authority （CA）.   You have a group named Group1.   You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1  must not be allowed to revoke certificates.   What sho

第1题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. The domain contains a Windows Server 2003 computer named Server1. You are planning a public key infrastructure （PKI） for the company. You want to deploy a certification authority （CA） on Server1. You create a new global security group named Cert Administrators. You need to delegate the tasks to issue， approve， and revoke certificates to members of the Cert Administrators group.  What should you do？（）

• A、 Add the Cert Administrators group to the Cert Publishers group in the domain.
• B、 Configure the Certificates Templates container in the Active Directory configuration naming context to assign the Cert Administrators group the Allow - Write permission.
• C、 Configure the CertSrv virtual directory on Server1 to assign the Cert Administrators group the Allow - Modify permission.
• D、 Assign the Certificate Managers role to the Cert Administrators group.

第2题：

You have an Exchange Server 2010 organization.  The organization contains a global security group named Group1.  You plan to deploy a monitoring solution for the Exchange servers in your organization.  You need to recommend a solution that allows members of Group1 to monitor the performance of Exchange Server 2010 servers.  Your solution must prevent members of Group1 from modifying the configurations of the Exchanges Server 2010 organization.  What should you include in the solution？（）

• A、Delegation of Control Wizard
• B、Federation Trusts
• C、Reliability Monitor
• D、Role Based Access Control （RBAC）

第3题：

You have a computer that runs Windows XP Professional. The computer is joined to an Active Directory domain. The domain contains a global group named Group1. You share a folder named Folder1 on the computer. You modify the NTFS permissions on Folder1 to assign Full Control to Group1. Users from Group1 report that they are unable to add files to Folder1 from the network. You need to ensure that members of Group1 can add files to Folder1 from the network. What should you do?（） 

• A、Add Group1 to the Power Users group.
• B、Add Group1 to the HelpServicesGroup.
• C、Modify the share permissions on Folder1.  
• D、Enable simple file sharing and modify the NTFS permissions on Folder1. 

第4题：

You have a Windows Server 2008 R2 Enterprise Root certification authority （CA）. You need to  grant members of the Account Operators group the ability to only manage Basic EFS certificates.     You grant the Account Operators group the Issue and Manage Certificates permission on the CA .   Which three tasks should you perform next（）

• A、Enable the Restrict Enrollment Agents option on the CA .
• B、Enable the Restrict Certificate Managers option on the CA .
• C、Add the Basic EFS certificate template for the Account Operators group.
• D、Grant the Account Operators group the Manage CA permission on the CA .
• E、Remove all unnecessary certificate templates that are assigned to the Account Operators group.

第5题：

You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.   Server1 is configured as an enterprise root certification authority （CA）.    You install the Online Responder role service on Server2.    You need to configure Server1 to support the Online Responder. What should you do（）

• A、Import the enterprise root CA certificate.
• B、Configure the Certificate Revocation List Distribution Point extension.
• C、Configure the Authority Information Access （AIA） extension.
• D、Add the Server2 computer account to the CertPublishers group.

第6题：

You have an enterprise subordinate certification authority (CA). The CA issues smart card logon  certificates.   Users are required to log on to the domain by using a smart card.   Your companys corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked.   An employee resigns.   You need to immediately prevent the employee from logging on to the domain.  What should you do（）

• A、Revoke the employees smart card certificate.
• B、Disable the employees Active Directory account.
• C、Publish a new delta certificate revocation list （CRL）.
• D、Reset the password for the employees Active Directory account.

第7题：

You have a server that runs Windows Server 2008. The server has the Web Server （IIS） server role installed.   The server contains a Web site that is configured to use only Windows Authentication. You have a security group named Group1 that contains several user accounts.  You need to prevent the members of Group1 from accessing a Web site. You must not prevent other users from accessing the Web site.  Which Web site feature should you configure？（）

• A、Authentication
• B、Authorization Rules
• C、IIS Manager Permissions
• D、SSL Settings

第8题：

第9题：

第10题：

You have an enterprise subordinate certification authority （CA）. You have a group named  Group1.     You need to allow members of Group1 to publish new certificate revocation lists. Members of  Group1 must not be allowed to revoke certificates.     What should you do（）

• A、Add Group1 to the local Administrators group.
• B、Add Group1 to the Certificate Publishers group.
• C、Assign the Manage CA permission to Group1.
• D、Assign the Issue and Manage Certificates permission to Group1.

第11题：

You have an enterprise subordinate certification authority （CA）.   You have a custom certificate template that has a key length of 1，024 bits. The template is enabled for  autoenrollment.   You increase the template key length to 2，048 bits.   You need to ensure that all current certificate holders automatically enroll for a certificate that uses the  new template.   Which console should you use（）

• A、Active Directory Administrative Center
• B、Certification Authority
• C、Certificate Templates
• D、Group Policy Management

第12题：

You have an enterprise subordinate certification authority （CA）. The CA issues smart card logon  certificates.     Users are required to log on to the domain by using a smart card. Your company’s corporate  security policy states that when an employee resigns， his ability to log on to the network must be  immediately revoked.     An employee resigns. You need to immediately prevent the employee from logging on to the  domain.     What should you do（）

• A、Revoke the employee’s smart card certificate.
• B、Disable the employee’s Active Directory account.
• C、Publish a new delta certificate revocation list （CRL）.
• D、Reset the password for the employee’s Active Directory account.

第13题：

You have an Exchange Server 2010 organization.The organization contains a distribution group named Group1.You need to ensure that a user named User1 can review and approve all messages sent to Group1.You must prevent User1 from modifying the membership of Group1.  What should you do？（）

• A、Add User1 to Group1 Managed by list
• B、Assign User1 as a group moderator for Group1.
• C、Assign the Message Tracking management role to User1.
• D、Add User1 to Group1 and then create a new journal rule.

第14题：

our network contains a server that runs window server 2008. The serve has the network policy server(NPS) service role installed. You need to allow only members of a global group named group1 VPN access to the network. What should you do?（）

• A、Add group1 to the RAS and IAS servers group.
• B、Add group1 to the network configuration operators group..
• C、Create a new network policy and define a group-based connection for group1. Set the access permission of the policy to access granted. Set the processing order of the policy to 1.
• D、Create a new network policy and define a group-based condition for group1. Set the access permission of the policy to acces granted. Set the processing of the policy to 3.

第15题：

You have an Exchange Server 2010 organization.You have a group named Group1 that contains 10，000 members.You need to ensure that an informative message is displayed when users add Group1 to the recipient list of an e-mail message. What should you do？（）

• A、Configure a MailTip.
• B、Create a transport rule.
• C、Create a Send connector.
• D、Configure an expansion server.

第16题：

You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003.   You are planning a public key infrastructure （PKI）. The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years.   The validity period of a Basic EFS certificate is one year. In the Certificates Templates console， you attempt to change the validity period for the Basic EFS certificate template. However， the console does not allow you to change the value.  You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files. What should you do？  （）

• A、 Install an enterprise certification authority （CA） in each domain.
• B、 Assign the Domain Admins group the Allow - Full Control permission for the Basic EFS certificate template.
• C、 Create a duplicate of the Basic EFS certificate template. Enable the new template for issuing certificate authorities.
• D、 Instruct users to connect to the certification authority （CA） Web enrollment pages to request a Basic EFS certificate.

第17题：

第18题：