Use the is exactly or contains operators.
Create a user filter matching the dn of the certificate.
Verify that the certificate is issued by a publicly trusted cs.
Match the certificate type and value with an attribute from the ldap server.
第1题:
You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers. The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority (CA), and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates. You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory, but the certificates for user accounts in the child2.contoso.com domain are not. You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory. What should you do? ()
第2题:
Which additional configuration must be completed when setting up role restrictions using certificates? ()
第3题:
Your network contains a Network Policy and Access Services server named Server1. All certificates in theorganization are issued by an enterprise certification authority (CA) named Server2. You have a standalonecomputer named Computer1 that runs Windows 7. Computer1 has a VPN connection that connects toServer1 by using SSTP. You attempt to establish the VPN connection to Server1 and receive the followingerror message: A certificate chain processed, but terminated in a root certificate which is not trusted by thetrust provider. You need to ensure that you can successfully establish the VPN connection to Server1. What should you do on Computer1?()
第4题:
You need to design a strategy to meet the company’s requirements for e-mail. What should you do?()
第5题:
You have an Exchange Server 2010 organization.Users on the network use HTTPS to connect to Outlook Web App (OWA).The Client Access server uses a certificate issued by an internal certification authority (CA).You plan to deploy an e-mail encryption solution for all users. You need to ensure that users can send and receive encrypted e-mail messages by using S/MIME from OWA.What should you do?()
第6题:
You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain. Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA. You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort. What should you do? ()
第7题:
Configure user certificate autoenrollment for all domain user accounts in the contoso.com domain.
Configure user certificate autoenrollment for all domain user accounts in the child2.contoso.com domain.
Add Server1 to the Cert Publishers group in the contoso.com domain.
Add Server1 to the Cert Publishers group in the child2.contoso.com domain.
第8题:
Import the root certificate to the user s Trusted Publishers store.
Import the root certificate to the computer s Trusted Root Certification Authorities store.
Import the server certificate of Server1 to the user s Trusted Root Certification Authorities store.
Import the server certificate of Server1 to the computer s Trusted Root Certification Authorities store.
第9题:
Modify the GlobalQueryBlockList registry key and restart the DNS Server service.
Modify the EnableGlobalNamesSupport registry key and restart the DNS Server service.
Create a trust anchor that uses a certificate issued by an internal certification authority (CA).
Create a trust anchor that uses a certificate issued by a publicly trusted certification authority (CA).
第10题:
You should consider changing the OWA virtual directory’s authentication settings.
You should consider issuing the employees a certificate.
You should consider using a third-party ca for -ex11.
You should consider importing a root CA certificate for each employee.
第11题:
Instruct all users to import the third-party root CA certificate.
Import the internal root CA certificate to the Client Access server.
Instruct all users to import the internal root CA certificate.
Issue a certificate to each user from the internal root CA
第12题:
Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll users for certificates.
Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll computers for certificates.
Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.
Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates.
第13题:
You have an Exchange organization.All servers in the organization have Exchange Server 2010 Service Pack 1 (SP1) installed.The network contains an internal root certification authority (CA).Users on the network use Outlook Anywhere.A Client Access server uses a wildcard certificate issued by a trusted third-party root CA.You need to ensure that users can send and receive encrypted e-mail messages by using S/MIME. What should you do?()
第14题:
Your company’s network includes client computers that run Windows 7. You design a wireless network to use Extensible Authentication Protocol-Transport Level Security (EAP-TLS). The Network Policy Server has a certificate installed. Client computers are unable to connect to the wireless access points. You need to enable client computers to connect to the wireless network. What should you do?()
第15题:
Your network contains a stand-alone certification authority (CA) and a Web server. The Web server hosts a secure Web site. The Web site uses a server certificate that was issued from the CA. Users report that they receive a certificate warning message when they connect to the Web site. You need to prevent users from receiving the certificate warning message when they connect to the Web site. What should you do from the Internet Options in Internet Explorer?()
第16题:
You are the administrator of your company’s network. The dial-up server on your network is configured to support certificate authentication. A user named Tom wants to use smart card authentication on his Windows 2000 Professional portable computer. You that Tom’s computer has a PC Card smart card reader and the appropriate drivers installed. You give Tom a smart card to use. What else should you do to enable smart card authentication on Tom’s computer? ()
第17题:
You deploy a mobile messaging solution by using front-end and back-end servers that run Microsoft Exchange Server 2003 Service Pack 2. Certificates are installed on all Microsoft Windows Mobilebased devices. You need to allow devices that run Microsoft Windows Mobile 5.0 to perform certificate-based authentication for Microsoft Exchange ActiveSync. What should you do?()
第18题:
An organization has Exchange server 2010.Network contains internal root Certification Authorization (CA).Users on network use Outlook Anywhere.A CAS server uses a wildcard certificate issued by a trusted third party root CA.You need to ensure that users can send and receive encrypted e-mail messages by using S/MIME.What should you do?()
第19题:
Instruct all users to import the 3d-party root CA certification
Configure CAS server to use a certificate issued by a third-party CA
Instruct all users to import an internal root CA certificate
Deploy Outlook Web Access with the S/MIME control to the client system
第20题:
Install a Windows Server 2003 enterprise root CA, Configure certificate templates for autoenrollment
Install a Windows Server 2003 enterprise subordinate CA, Configure certificate templates for autoenrollment
Install a Windows Server 2003 stand-alone subordinate CA, Write a logon script for the client computers in the HR department that contains the Certreq.execommand
Install a Windows Server 2003 stand-alone root CA,Write a logon script for the client computers in the HR department that contains the Certreq.execommand
第21题:
Set up a certificate authentication server.
Configure the authentication realm to remember certificate information.
Configure the authentication realm to use a certificate server for authentication.
Configure a role mapping rule requiring certification information to map user to role.
第22题:
Import the CA certificate to the trusted root CA certificate store.
Import the server authentication certificate to the trusted publishers certificate store.
Clear the Check for publisher's certificate revocation check box.
Clear the Require server verification (https:) for all sites in this zone check box for the Trusted sites zone.
第23题:
Issue a certificate to each user
Instruct all OWA users to import a root CA certificate
Modify the authentication settings of the OWA virtual directory
Configure the Client Access Server to use a certificate issued by a third-party CA