Your company has an Active Directory domain. All servers run Windows Server 2008. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two tasks should you perform()A、Publish t

题目

Your company has an Active Directory domain. All servers run Windows Server 2008. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two tasks should you perform()

  • A、Publish the code signing template.
  • B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only administrators to apply the policy.
  • C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.
  • D、Modify the security settings on the template to allow only administrators to request code signing certificates.
相似考题

1. Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your  company runs an Enterprise Root certification authority (CA).     You need to ensure that only administrators can sign code.     Which two tasks should you perform()A、Publish the code signing template.B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only admiC、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.D、Modify the security settings on the template to allow only administrators to request code signing certificates.

2. Your company has an Active Directory domain. You have a two-tier PKI infrastructure that  contains an offline root CA and an online issuing CA. The Enterprise certification authority is  running Windows Server 2008 R2.   You need to ensure users are able to enroll new certificates.     What should you do()A、Renew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing CB、Renew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in thC、Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.D、Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.

3.Your company has an Active Directory domain. All servers run Windows Server 2008. You deploy a Certification Authority (CA) server. You create a new global security group named CertIssuers. You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates. What should you do()A、Assign the Certificate Manager role to the CertIssuers group.B、Place CertIssuers group in the Certificate Publisher groupC、Run the certsrv -add CertIssuers command promt of the certificate serverD、Run the add -member-membertype memberset CertIssuers command by using Microsoft WindowsPowershell

4. Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your   company uses an Enterprise Root certificate authority (CA).    You need to ensure that revoked certificate information is highly available.    What should you do()A、Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.B、Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and  Acceleration Server array.C、Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).D、Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to  the domain.

更多“Your company has an Active Directory domain. All servers run Windows Server 2008. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two tasks should you perform()A、Publish t”相关问题

  • 第1题:

    Your company has 10 servers that run Windows Server 2008. The servers have Remote Desktop Protocol (RDP) enabled for server administration. RDP is configured to use default security settings. All administrators’ computers run Windows Vista. You need to ensure the RDP connections are as secure as possible.Which two actions should you perform? ()

    • A、Set the security layer for each server to the RDP Security Layer.
    • B、Configure the firewall on each server to block port 3389.
    • C、Acquire user certificates from the internal certification authority.
    • D、Configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication.

    正确答案:C,D

  • 第2题:

    Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA.  The Enterprise Intermediate CA certificate expires.    You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()

    • A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
    • B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA  server.
    • C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers  group policy object.
    • D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy  object.

    正确答案:D

  • 第3题:

    Your company has an Active Directory forest that contains only Windows Server 2008 domain  controllers.     You need to prepare the Active Directory domain to install Windows Server 2008 R2 domain  controllers.     Which two tasks should you perform()

    • A、Run the adprep /forestprep command.
    • B、Run the adprep /domainprep command.
    • C、Raise the forest functional level to Windows Server 2008.
    • D、Raise the domain functional level to Windows Server 2008.

    正确答案:A,B

  • 第4题:

    Your company has a single Active Directory forest that has six domains.All DNS servers in the forest run Windows Server 2008 R2.You need to ensure that all public DNS queries are channeled through a single-caching-only DNS server.Which two actions should you perform?()

    • A、Disable the root hints.
    • B、Enable BIND secondaries.
    • C、Configure a forwarder to the caching DNS server.
    • D、Configure a GlobalNames host (A) record for the hostname of the caching DNS server.

    正确答案:A,C

  • 第5题:

    Your company has an Active Directory forest that contains only Windows Server 2003 domain controllers. You need to prepare the Active Directory domain to install Windows Server 2008 domain controllers. Which two tasks should you perform()

    • A、Run the adprep /forestprep command.
    • B、Run the adprep /domainprep command.
    • C、Raise the forest functional level to Windows Server 2008.
    • D、Raise the domain functional level to Windows Server 2008.

    正确答案:A,B

  • 第6题:

    Your company has a server that runs Windows Server 2008. Certification Services is configured as a stand-alone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()

    • A、Configure auditing in the Certification Services snap-in.
    • B、Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32% /CertSrv directory.
    • C、Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.
    • D、Enable the Audit object access setting in the Local Security Policy for the Certification Services server.

    正确答案:A,D

  • 第7题:

    Your company has a single Active Directory forest that has six domains. All DNS servers in the forest run Windows Server 2008.You need to ensure that all public DNS queries are channeled through a single-caching-only DNS server. Which two actions should you perform? (Each correct answer presents part of the solution.()

    • A、Disable the root hints.
    • B、Enable BIND secondaries.
    • C、Configure a forwarder to the caching DNS server.
    • D、Configure a GlobalNames host (A)record for the hostname of the caching DNS server.

    正确答案:A,C

  • 第8题:

    Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services  (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()

    • A、Configure auditing in the Certification Authority snap-in.
    • B、 Enable  auditing  of  successful  and  failed  attempts  to  change  permissions  on  files  in  the %SYSTEM32%/CertSrv directory.
    • C、Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.
    • D、Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate  Services (AD CS) server.

    正确答案:A,D

  • 第9题:

    多选题
    Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company runs an Enterprise Root certification authority (CA).   You need to ensure that only administrators can sign code. Which two task should you perform()
    A

    Publish the code signing template.

    B

    Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and  allow only administrators to apply the policy.

    C

    Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted  Publishers.

    D

    Modify the security settings on the template to allow only administrators to request code signing  certificates.


    正确答案: B,D
    解析: 暂无解析

  • 第10题:

    多选题
    Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your  company runs an Enterprise Root certification authority (CA).     You need to ensure that only administrators can sign code.     Which two tasks should you perform()
    A

    Publish the code signing template.

    B

    Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only admi

    C

    Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.

    D

    Modify the security settings on the template to allow only administrators to request code signing certificates.


    正确答案: C,A
    解析: 暂无解析

  • 第11题:

    单选题
    Your company has an Active Directory domain. All servers run Windows Server 2008. You deploy a Certification Authority (CA) server. You create a new global security group named CertIssuers. You need to ensure that members of the CertIssuers group can issue, approve, and revoke certificates. What should you do()
    A

    Assign the Certificate Manager role to the CertIssuers group.

    B

    Place CertIssuers group in the Certificate Publisher group

    C

    Run the certsrv -add CertIssuers command promt of the certificate server

    D

    Run the add -member-membertype memberset CertIssuers command by using Microsoft WindowsPowershell


    正确答案: A
    解析: 暂无解析

  • 第12题:

    单选题
    Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority (CA). You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA.  What should you do?()
    A

     Assign the user account to the CA Admin role.

    B

     Add the user account to the local Administrators group.

    C

     Grant the user the Back up files and directories user right.

    D

     Grant the user the Manage auditing and security log user right.


    正确答案: D
    解析: 暂无解析

  • 第13题:

    Your company has an Active Directory domain. AlI servers run Windows Server 2008. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do()

    • A、Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
    • B、Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
    • C、Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
    • D、Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.

    正确答案:A

  • 第14题:

    Your company has an Active Directory domain. All servers run Windows Server 2008. Your company uses an ENterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()

    • A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
    • B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
    • C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group object.
    • D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

    正确答案:D

  • 第15题:

    Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company runs an Enterprise Root certification authority (CA).   You need to ensure that only administrators can sign code. Which two task should you perform()

    • A、Publish the code signing template.
    • B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and  allow only administrators to apply the policy.
    • C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted  Publishers.
    • D、Modify the security settings on the template to allow only administrators to request code signing  certificates.

    正确答案:A,D

  • 第16题:

    Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority (CA). You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA.  What should you do?()

    • A、 Assign the user account to the CA Admin role.
    • B、 Add the user account to the local Administrators group.
    • C、 Grant the user the Back up files and directories user right.
    • D、 Grant the user the Manage auditing and security log user right.

    正确答案:B

  • 第17题:

    Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your  company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA.     The Enterprise Intermediate CA certificate expires.     You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain.     What should you do()

    • A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
    • B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
    • C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy ob
    • D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

    正确答案:D

  • 第18题:

    Your company has a single Active Directory forest that has six domains. All DNS servers in the forest run Windows Server 2008. You need to ensure that all public DNS quieries are channeled through a singlecahing- only DNS server. Which two actions should you perform?() 

    • A、Disable the root hints
    • B、Enable BIND secondaries
    • C、Configure a forwarder to the caching DNS server
    • D、Configure a GlobalNames host (A) record for the hostname of the caching DNS server

    正确答案:A,C

  • 第19题:

    Your company has an Active Directory domain. All servers run Windows Server 2008 R2.     Your company uses an Enterprise Root certificate authority (CA). You need to ensure that  revoked certificate information is highly available.   What should you do()

    • A、Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
    • B、Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration S
    • C、Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
    • D、Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.

    正确答案:A

  • 第20题:

    多选题
    Your company has an Active Directory domain. All servers run Windows Server 2008. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two tasks should you perform()
    A

    Publish the code signing template.

    B

    Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only administrators to apply the policy.

    C

    Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.

    D

    Modify the security settings on the template to allow only administrators to request code signing certificates.


    正确答案: A,B
    解析: 暂无解析

  • 第21题:

    多选题
    Your company has an Active Directory forest that contains only Windows Server 2003 domain controllers. You need to prepare the Active Directory domain to install Windows Server 2008 domain controllers. Which two tasks should you perform()
    A

    Run the adprep /forestprep command.

    B

    Run the adprep /domainprep command.

    C

    Raise the forest functional level to Windows Server 2008.

    D

    Raise the domain functional level to Windows Server 2008.


    正确答案: A,B
    解析: 暂无解析

  • 第22题:

    单选题
    Your company has an Active Directory domain. AlI servers run Windows Server 2008. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do()
    A

    Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.

    B

    Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.

    C

    Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).

    D

    Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.


    正确答案: B
    解析: 暂无解析

  • 第23题:

    多选题
    Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate  Services (AD CS) is configured as a standalone Certification Authority (CA) on the server. You  need to audit changes to the CA configuration settings and the CA security settings.     Which two tasks should you perform()
    A

    Configure auditing in the Certification Authority snap-in.

    B

    Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%/CertSrv dire

    C

    Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.

    D

    Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services


    正确答案: C,B
    解析: 暂无解析

相关内容