单选题Your network contains a stand-alone certification authority (CA) and a Web server. The Web server hosts a secure Web site. The Web site uses a server certificate that was issued from the CA. Users report that they receive a certificate warning message 

题目
单选题
Your network contains a stand-alone certification authority (CA) and a Web server. The Web server hosts a secure Web site. The Web site uses a server certificate that was issued from the CA. Users report that they receive a certificate warning message when they connect to the Web site. You need to prevent users from receiving the certificate warning message when they connect to the Web site. What should you do from the Internet Options in Internet Explorer?()
A

Import the CA certificate to the trusted root CA certificate store. 

B

Import the server authentication certificate to the trusted publishers certificate store.

C

Clear the Check for publisher's certificate revocation check box. 

D

Clear the Require server verification (https:) for all sites in this zone check box for the Trusted sites zone.

相似考题

1. Your network is configured as shown in the following diagram.You deploy an enterprise certification authority (CA) on the internal network. You also deploy a Microsoft   Online Responder on the internal network.   You need to recommend a secure method for Internet users to verify the validity of individual certificates.   The solution must minimize network bandwidth. What should you recommend?()A、Deploy a subordinate CA on the perimeter network.B、Install a stand-alone CA and the Network Device Enrollment Service (NDES) on a server on the perimeter network.C、Install a Network Policy Server (NPS) on a server on the perimeter network. Redirect authentication  requests to a server on the internal network.D、Install Microsoft Internet Information Services (IIS) on a server on the perimeter network. Configure IIS  to redirect requests to the Online Responder on the internal network.

2. Your network contains a stand-alone certification authority (CA) and a Web server. The Web server hosts a secure Web site. The Web site uses a server certificate that was issued from the CA. Users report that they receive a certificate warning message when they connect to the Web site. You need to prevent users from receiving the certificate warning message when they connect to the Web site. What should you do from the Internet Options in Internet Explorer?() A、Import the CA certificate to the trusted root CA certificate store. B、Import the server authentication certificate to the trusted publishers certificate store.C、Clear the Check for publisher's certificate revocation check box. D、Clear the Require server verification (https:) for all sites in this zone check box for the Trusted sites zone.

3. Your network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed. External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: There is a problem with this Web sites security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority. You find that users onthe corporate network do not receive this error. You need to ensure that external users do not receive the warning message when connecting to Server1.   What should you do?()A、In IIS Manager, enable the Enable client certificate mapping option.B、In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.C、In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.D、In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data (always).

4. Your network contains a Network Policy and Access Services server named Server1. All certificates in theorganization are issued by an enterprise certification authority (CA) named Server2. You have a standalonecomputer named Computer1 that runs Windows 7. Computer1 has a VPN connection that connects toServer1 by using SSTP. You attempt to establish the VPN connection to Server1 and receive the followingerror message: A certificate chain processed, but terminated in a root certificate which is not trusted by thetrust provider. You need to ensure that you can successfully establish the VPN connection to Server1.  What should you do on Computer1?()A、Import the root certificate to the user s Trusted Publishers store.B、Import the root certificate to the computer s Trusted Root Certification Authorities store.C、Import the server certificate of Server1 to the user s Trusted Root Certification Authorities store.D、Import the server certificate of Server1 to the computer s Trusted Root Certification Authorities store.

更多“Your network contains a stand-alone certification authority ”相关问题

  • 第1题:

    You have an Exchange Server 2010 organization named contoso.com.  The organization contains two Client Access servers named CAS1 and CAS2 that are in a Client Accessserver array.  All internal and external users connect to their mailboxes by using mail.contoso.com.  You need to install a certificate on the Client Access servers to meet the following requirements:.Support 500 client computers that are not joined to the Active Directory domain  .Support clients that use Microsoft Office Outlook in Cached Exchange Mode, Autodiscover, andExchange ActiveSync .Minimize client and user support costs What should you do?()

    • A、From a trusted third-party certification authority (CA), generate a certificate request that contains the mail.contoso.com and Autodiscover names.
    • B、From a trusted third-party certification authority (CA), generate a certificate request that contains the CAS1.contoso.com and CAS2.contoso.com names.
    • C、From an internal Active Directory-integrated certification authority (CA), generate a certificate request that contains the mail.contoso.com and Autodiscover names.
    • D、From an internal Active Directory-integrated certification authority (CA), generate a certificate request that contains the CAS1.contoso.com and CAS2.contoso.com names.

    正确答案:A

  • 第2题:

    Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority (CA). You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA.  What should you do?()

    • A、 Assign the user account to the CA Admin role.
    • B、 Add the user account to the local Administrators group.
    • C、 Grant the user the Back up files and directories user right.
    • D、 Grant the user the Manage auditing and security log user right.

    正确答案:B

  • 第3题:

    Your network contains a Windows Server 2008 R2 server that functions as a file server. All users have laptop computers that run Windows 7.   The network is not connected to the Internet. Users save files to a shared folder on the server. You need to design a data provisioning solution that meets the following requirements:   èUsers who are not connected to the corporate network must be able to access the files and the folders in the corporate network.    èUnauthorized users must not have access to the cached files and folders. What should you do?()

    • A、Implement a certification authority (CA). Configure IPsec domain isolation.
    • B、Implement a certification authority (CA). Configure Encrypting File System (EFS) for the drive that hosts the files.
    • C、Implement Microsoft SharePoint Foundation 2010. Enable Secure Socket Layer (SSL) encryption.
    • D、Configure caching on the shared folder. Configure offline files to use encryption.

    正确答案:D

  • 第4题:

    Your company has a server that runs Windows Server 2008. Certification Services is configured as a stand-alone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()

    • A、Configure auditing in the Certification Services snap-in.
    • B、Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32% /CertSrv directory.
    • C、Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.
    • D、Enable the Audit object access setting in the Local Security Policy for the Certification Services server.

    正确答案:A,D

  • 第5题:

    You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003.   You are planning a public key infrastructure (PKI). The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years.   The validity period of a Basic EFS certificate is one year. In the Certificates Templates console, you attempt to change the validity period for the Basic EFS certificate template. However, the console does not allow you to change the value.  You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files. What should you do?  ()

    • A、 Install an enterprise certification authority (CA) in each domain.
    • B、 Assign the Domain Admins group the Allow - Full Control permission for the Basic EFS certificate template.
    • C、 Create a duplicate of the Basic EFS certificate template. Enable the new template for issuing certificate authorities.
    • D、 Instruct users to connect to the certification authority (CA) Web enrollment pages to request a Basic EFS certificate.

    正确答案:C

  • 第6题:

    单选题
    Your network contains two Active Directory forests named contoso.com and adatum.com. The  functional level of both forests is Windows Server 2008 R2. Each forest contains one domain.  Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow  users from both forests to automatically enroll user certificates.   You need to ensure that all users in the adatum.com forest have a user certificate from the  contoso.com certification authority (CA).   What should you configure in the adatum.com domain()
    A

    From the Default Domain Controllers Policy, modify the Enterprise Trust settings.

    B

    From the Default Domain Controllers Policy, modify the Trusted Publishers settings.

    C

    From the Default Domain Policy, modify the Certificate Enrollment policy.

    D

    From the Default Domain Policy, modify the Trusted Root Certification Authority settings.


    正确答案: C
    解析: 暂无解析

  • 第7题:

    单选题
    Your network contains an Active Directory domain.   You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root  certification authority (CA).   You have a client computer named Computer1 that runs Windows 7.   You enable automatic certificate enrollment for all client computers that run Windows 7.  You need to verify that the Windows 7 client computers can automatically enroll for certificates.  Which command should you run on Computer1()
    A

    certreq.exe retrieve

    B

    certreq.exe submit

    C

    certutil.exe getkey

    D

    certutil.exe pulse


    正确答案: D
    解析: 暂无解析

  • 第8题:

    单选题
    You need to design a PKI for Litware, Inc. What should you do?()
    A

    Add one offline stand-alone root certificate authority(CA).Add two online enterprise subordinate CAs

    B

    Add one online stand-alone root certification authority(CA).Add two online enterprise subordinate CAs

    C

    Add one online enterprise root certification authority CA).Add one offline enterprise subordinate CA

    D

    Add one online enterprise root certification authority(CA).Add two online enterprise subordinate CAs


    正确答案: D
    解析: 暂无解析

  • 第9题:

    单选题
    Your network contains an Active Directory domain named contoso.com. Contoso.com contains a  member server that runs Windows Serever 2008 Standart.   You need to install an enterprise subordinate certification authority (CA) that support private key  archival. You must achieve this goal by using the minimum amount of administrative effort. What do you do first()
    A

    Initialize the Trusted Platform Module (TPM)

    B

    Upgrade the menber server to Windows Server 2008 R2 Standard.

    C

    Install the Certificate Enrollment Policy Web Service role service on the member server.

    D

    Run the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services - Certification


    正确答案: D
    解析: 暂无解析

  • 第10题:

    单选题
    Your network contains an Active Directory forest. The functional level of the forest is Windows Server 2008 R2.You plan to deploy DirectAccess.You need to configure the DNS servers on your network to support DirectAccess.What should you do?()
    A

    Modify the GlobalQueryBlockList registry key and restart the DNS Server service.

    B

    Modify the EnableGlobalNamesSupport registry key and restart the DNS Server service.

    C

    Create a trust anchor that uses a certificate issued by an internal certification authority (CA).

    D

    Create a trust anchor that uses a certificate issued by a publicly trusted certification authority (CA).


    正确答案: C
    解析: 暂无解析

  • 第11题:

    单选题
    Your network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed. External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: There is a problem with this Web sites security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority. You find that users onthe corporate network do not receive this error. You need to ensure that external users do not receive the warning message when connecting to Server1.   What should you do?()
    A

    In IIS Manager, enable the Enable client certificate mapping option.

    B

    In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.

    C

    In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.

    D

    In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data (always).


    正确答案: A
    解析: 暂无解析

  • 第12题:

    Your network contains an Active Directory forest. The forest contains two domains.  You have a standalone root certification authority (CA).   On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an  enterprise CA is disabled.   You need to install an enterprise subordinate CA on the server.   What should you use to log on to the new server()

    • A、an account that is a member of the Certificate Publishers group in the child domain
    • B、an account that is a member of the Certificate Publishers group in the forest root domain
    • C、an account that is a member of the Schema Admins group in the forest root domain
    • D、an account that is a member of the Enterprise Admins group in the forest root domain

    正确答案:D

  • 第13题:

    Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The network contains 100 servers and 5,000 client computers. The client computers run either Windows XP Service Pack 1 or Windows 7. You need to plan a VPN solution that meets the following requirements:   èStores VPN passwords as encrypted text  èSupports Suite B cryptographic algorithms èSupports automatic enrollment of certificates   èSupports client computers that are configured as members of a workgroup What should you include in your plan?() 

    • A、Upgrade the client computers to Windows XP Service Pack 3. Implement a stand-alone certification authority (CA). Implement an IPsec VPN that uses certificate-based authentication.
    • B、Upgrade the client computers to Windows XP Service Pack 3. Implement an enterprise certification authority (CA) that is based on Windows Server?2008 R2. Implement an IPsec VPN that uses Kerberos  authentication.
    • C、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is  based on Windows Server 2008 R2. Implement an IPsec VPN that uses pre-shared keys.
    • D、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is  based on Windows Server 2008 R2. Implement an IPsec VPN that uses certificate-based authentication.

    正确答案:D

  • 第14题:

    Your network contains an enterprise root certification authority (CA). You need to ensure that a  certificate issued by the CA is valid.     What should you do()

    • A、Run syskey.exe and use the Update option.
    • B、Run sigverif.exe and use the Advanced option.
    • C、Run certutil.exe and specify the -verify parameter.
    • D、Run certreq.exe and specify the -retrieve parameter.

    正确答案:C

  • 第15题:

    You work as the exchange administrator at TestKing.com. The TestKing.com network contains anExchange Server 2010 Organization. You are responsible for managing the Exchange network forTestKing.com. You are in the process of enabling journaling within the TestKing.com organization. During the course ofday you receive an instruction form the CIO to stop administrators form reading classified e-mailmessages that is sent between senior management. What should you do?()

    • A、Your best option would be to deploy an X.509 certificate from an enterprise certification authority (CA)to all senior management.
    • B、Your best option would be to deploy Active Directory Rights Management Services (AD RMS)Templates.
    • C、Your best option would be to deploy an X.509 certificate from a trusted third-party certification authority(CA) to all senior management.
    • D、Your best option would be to deploy Active Directory Rights Management Services (AD RMS)Templates.Thereafter Transport Protection Rules should be created.

    正确答案:D

  • 第16题:

    单选题
    You are the network administrator for your company. The network contains a single Active Directory domain. All computers on the network are members of the domain. All domain controllers run Windows Server 2003.   You are planning a public key infrastructure (PKI). The PKI design documents for your company specify that certificates that users request to encrypt files must have a validity period of two years.   The validity period of a Basic EFS certificate is one year. In the Certificates Templates console, you attempt to change the validity period for the Basic EFS certificate template. However, the console does not allow you to change the value.  You need to ensure that you can change the value of the validity period of the certificate that users request to encrypt files. What should you do?  ()
    A

     Install an enterprise certification authority (CA) in each domain.

    B

     Assign the Domain Admins group the Allow - Full Control permission for the Basic EFS certificate template.

    C

     Create a duplicate of the Basic EFS certificate template. Enable the new template for issuing certificate authorities.

    D

     Instruct users to connect to the certification authority (CA) Web enrollment pages to request a Basic EFS certificate.


    正确答案: C
    解析: 暂无解析

  • 第17题:

    单选题
    You need to design a security solution for the internally developed Web applications that meets business requirements. What should you do?()
    A

    Install and configure a stand-alone root certification authorative (CA) that is trusted by all company client computers. Issue encryption certificates to all developers

    B

    Install and configure root certification authority (CA) that is trusted by all company client computers. Issue code-signing certificates to all developers

    C

    Purchase a root certification from a trusted commercial certification authority (CA). Install the root certificated on all developers’ computers

    D

    Purchase a code-signing certificate from a trusted commercial certification authority (CA). Install the certificate on all company client computers


    正确答案: B
    解析: 暂无解析

  • 第18题:

    单选题
    Your network contains an enterprise root certification authority (CA).  You need to ensure that a certificate issued by the CA is valid.  What should you do()
    A

    Run syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exams.  4 / 90

    B

    Run sigverif.exe and use the Advanced option.  

    C

    Run certutil.exe and specify the -verify parameter.  

    D

    Run certreq.exe and specify the -retrieve parameter.


    正确答案: B
    解析: 暂无解析

  • 第19题:

    单选题
    Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority (CA). You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA.  What should you do?()
    A

     Assign the user account to the CA Admin role.

    B

     Add the user account to the local Administrators group.

    C

     Grant the user the Back up files and directories user right.

    D

     Grant the user the Manage auditing and security log user right.


    正确答案: C
    解析: 暂无解析

  • 第20题:

    多选题
    Your network contains an Active Directory domain named contoso.com. Contoso.com contains  three servers.The servers are configure as shown in the following table.     Server name   Server roel Service   Server1                          Certification authority (CA)   Server2                         Certificate Enrollment Web Service  Server3                          Certificate Enrollment Policy Web Service   You need to ensure that users can manually enroll and renew their certificates by using the  Certificate Enrollment Web Service.     Which two actions should you perform()
    A

    Configure the policy module setting.

    B

    Configure the issuance requeriments for the certificate templates.

    C

    Configure the Certificate Services Client - Certificate Enrollment Policy Group Policy setting.

    D

    Configure the delegation setting for the Certification Enrollment Web Service application pool account.


    正确答案: D,A
    解析: 暂无解析

  • 第21题:

    单选题
    Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2.  You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1.   You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP.   What should you recommend?()
    A

    Enable Network Access Protection (NAP) on the network.

    B

    Deploy the Root CA certificate to the external computers.

    C

    Implement the Remote Desktop Connection Broker role service.

    D

    Configure the firewall to allow inbound traffic on TCP Port 1723.


    正确答案: B
    解析: 暂无解析

  • 第22题:

    单选题
    Your network contains an Active Directory forest. The forest contains two domains. You have a  standalone root certification authority (CA).     On a server in the child domain, you run the Add Roles Wizard and discover that the option to  select an enterprise CA is disabled.     You need to install an enterprise subordinate CA on the server.     What should you use to log on to the new server()
    A

    an account that is a member of the Certificate Publishers group in the child domain

    B

    an account that is a member of the Certificate Publishers group in the forest root domain

    C

    an account that is a member of the Schema Admins group in the forest root domain

    D

    an account that is a member of the Enterprise Admins group in the forest root domain


    正确答案: C
    解析: 暂无解析

相关内容