单选题Using an LDAP authentication server, what do you configure to validate certificate attributes?（）A Use the is exactly or contains operators.B Create a user filter matching the dn of the certificate.C Verify that the certificate is issued by a publicly t

第1题：

You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers.   The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority （CA）， and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates.   You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory， but the certificates for user accounts in the child2.contoso.com domain are not.   You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory.   What should you do？ （）

• A、 Configure user certificate autoenrollment for all domain user accounts in the contoso.com domain.
• B、 Configure user certificate autoenrollment for all domain user accounts in the child2.contoso.com domain.
• C、 Add Server1 to the Cert Publishers group in the contoso.com domain.
• D、 Add Server1 to the Cert Publishers group in the child2.contoso.com domain.

第2题：

Which additional configuration must be completed when setting up role restrictions using certificates? （）

• A、Set up a certificate authentication server.
• B、Configure the authentication realm to remember certificate information.
• C、Configure the authentication realm to use a certificate server for authentication.
• D、Configure a role mapping rule requiring certification information to map user to role.

第3题：

Your network contains a Network Policy and Access Services server named Server1. All certificates in theorganization are issued by an enterprise certification authority (CA) named Server2. You have a standalonecomputer named Computer1 that runs Windows 7. Computer1 has a VPN connection that connects toServer1 by using SSTP. You attempt to establish the VPN connection to Server1 and receive the followingerror message: A certificate chain processed, but terminated in a root certificate which is not trusted by thetrust provider. You need to ensure that you can successfully establish the VPN connection to Server1.  What should you do on Computer1?（）

• A、Import the root certificate to the user s Trusted Publishers store.
• B、Import the root certificate to the computer s Trusted Root Certification Authorities store.
• C、Import the server certificate of Server1 to the user s Trusted Root Certification Authorities store.
• D、Import the server certificate of Server1 to the computer s Trusted Root Certification Authorities store.

第4题：

You need to design a strategy to meet the company’s requirements for e-mail. What should you do？（）

• A、Configure and publish a certificate template that is suitable for S/MIME, Deploy a Group Policy object （GPO） so that a certificate that is based on this template is automatically issued to all domain users
• B、Specify Group Policy objects （GPOs） and IPSec policies that require all client computers to use Kerberos authentication to connect to mail servers
• C、For each mail server， acquire an SSL server certificate from a commercial CA whose root certificate is already trusted
• D、Require IPSec encryption on all TCP connections that are used to send or receive e-mail messages

第5题：

You have an Exchange Server 2010 organization.Users on the network use HTTPS to connect to Outlook Web App （OWA）.The Client Access server uses a certificate issued by an internal certification authority （CA）.You plan to deploy an e-mail encryption solution for all users. You need to ensure that users can send and receive encrypted e-mail messages by using S/MIME from OWA.What should you do？（）

• A、Issue a certificate to each user
• B、Instruct all OWA users to import a root CA certificate
• C、Modify the authentication settings of the OWA virtual directory
• D、Configure the Client Access Server to use a certificate issued by a third-party CA

第6题：

You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain， which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit （OU） named Sales in your domain.   Users in the sales department use a public key infrastructure （PKI） enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers  running Windows Server 2003. You configure one server as an enterprise subordinate certification authority （CA） and the other server as a stand-alone root CA.   You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort.   What should you do？  （）

• A、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object （GPO） to autoenroll users for certificates.
• B、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object （GPO） to autoenroll computers for certificates.
• C、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object （GPO） and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.
• D、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object （GPO） and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates.

第7题：

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

You have an Exchange organization.All servers in the organization have Exchange Server 2010 Service Pack 1 （SP1） installed.The network contains an internal root certification authority （CA）.Users on the network use Outlook Anywhere.A Client Access server uses a wildcard certificate issued by a trusted third-party root CA.You need to ensure that users can send and receive encrypted e-mail messages by using S/MIME. What should you do？（）

• A、Instruct all users to import the third-party root CA certificate.
• B、Import the internal root CA certificate to the Client Access server.
• C、Instruct all users to import the internal root CA certificate.
• D、Issue a certificate to each user from the internal root CA

第14题：

Your company’s network includes client computers that run Windows 7. You design a wireless network to use Extensible Authentication Protocol-Transport Level Security （EAP-TLS）.   The Network Policy Server has a certificate installed.   Client computers are unable to connect to the wireless access points.    You need to enable client computers to connect to the wireless network.   What should you do？（）

• A、Configure client computers to use Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 （PEAP-MS-CHAP v2）.
• B、Configure client computers to use Protected Extensible Authentication Protocol-Transport Layer Security （PEAP-TLS）.
• C、Install a certificate in the Trusted Root Certification Authorities certificate store.
• D、Install a certificate in the Third-Party Root Certification Authorities certificate store.

第15题：

Your network contains a stand-alone certification authority (CA) and a Web server. The Web server hosts a secure Web site. The Web site uses a server certificate that was issued from the CA. Users report that they receive a certificate warning message when they connect to the Web site. You need to prevent users from receiving the certificate warning message when they connect to the Web site. What should you do from the Internet Options in Internet Explorer?（） 

• A、Import the CA certificate to the trusted root CA certificate store. 
• B、Import the server authentication certificate to the trusted publishers certificate store.
• C、Clear the Check for publisher's certificate revocation check box. 
• D、Clear the Require server verification (https:) for all sites in this zone check box for the Trusted sites zone.

第16题：

You are the administrator of your company’s network. The dial-up server on your network is configured to support certificate authentication.   A user named Tom wants to use smart card authentication on his Windows 2000 Professional portable computer. You that Tom’s computer has a PC Card smart card reader and the appropriate drivers installed. You give Tom a smart card to use.   What else should you do to enable smart card authentication on Tom’s computer? （）

• A、Configure a dial-up connection to use EAP.  Select the smart card device for authentication. 
• B、Configure a dial-up connection to use SPAP.  Select the smart card device for authentication.
• C、Configure a dial-up connection to use certificate authentication.  Enable the usercredentials for authentication.
• D、Configure a dial-up connection to connect to a private network through the Internet.  Enable L2TP be create a virtual private network （VPN） tunnel.

第17题：

You deploy a mobile messaging solution by using front-end and back-end servers that run Microsoft Exchange Server 2003 Service Pack 2. Certificates are installed on all Microsoft Windows Mobilebased devices.   You need to allow devices that run Microsoft Windows Mobile 5.0 to perform certificate-based authentication for Microsoft Exchange ActiveSync.   What should you do？（）

• A、Configure the front-end server for Kerberos Constrained Delegation （KCD）.
• B、Configure a Routing Group Connector between the front-end and back-end servers.
• C、Configure the Windows Mobilebased devices with a Point-to-Point Protocol （PPTP） connection.
• D、Configure the Windows Mobilebased devices to use Extensible Authentication Protocol （EAP） and either a smart card or a certificate.

第18题：

An organization has Exchange server 2010.Network contains internal root Certification Authorization （CA）.Users on network use Outlook Anywhere.A CAS server uses a wildcard certificate issued by a trusted third party root CA.You need to ensure that users can send and receive encrypted e-mail messages by using S/MIME.What should you do？（）

• A、Instruct all users to import the 3d-party root CA certification
• B、Configure CAS server to use a certificate issued by a third-party CA
• C、Instruct all users to import an internal root CA certificate
• D、Deploy Outlook Web Access with the S/MIME control to the client system

第19题：

第20题：

第21题：

第22题：

第23题：