单选题Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2. You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1. You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP. What should you recommend?()AEnable Network Access Protection (NAP) on the network.BDeploy the Root CA certificate to the external computers.CImplement the Remote Desktop Connection Broker role service.DConfigure the firewall to allow inbound traffic on TCP Port 1723.
单选题
Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2. You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1. You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP. What should you recommend?()
A
Enable Network Access Protection (NAP) on the network.
B
Deploy the Root CA certificate to the external computers.
C
Implement the Remote Desktop Connection Broker role service.
D
Configure the firewall to allow inbound traffic on TCP Port 1723.
参考解析
解析:
暂无解析
相关考题:
Your network contains a DNS server named Server1 that runs Windows Server 2008 R2.Root hints for Server1 are configured as shown in the exhibit. (Click the Exhibit button.)You need to add root hints to Server1.What should you do first?()A、Disable recursion.B、Delete the . (root) zone.C、Restart the DNS Server service.D、Remove all conditional forwarders.
Your company’s network includes client computers that run Windows 7. You design a wireless network to use Extensible Authentication Protocol-Transport Level Security (EAP-TLS). The Network Policy Server has a certificate installed. Client computers are unable to connect to the wireless access points. You need to enable client computers to connect to the wireless network. What should you do?()A、Configure client computers to use Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).B、Configure client computers to use Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS).C、Install a certificate in the Trusted Root Certification Authorities certificate store.D、Install a certificate in the Third-Party Root Certification Authorities certificate store.
You need to design phase one of the new authentication strategy. Your solution must meet business requirements.What should you do?()A、Install a Windows Server 2003 enterprise root CA, Configure certificate templates for autoenrollmentB、Install a Windows Server 2003 enterprise subordinate CA, Configure certificate templates for autoenrollmentC、Install a Windows Server 2003 stand-alone subordinate CA, Write a logon script for the client computers in the HR department that contains the Certreq.execommandD、Install a Windows Server 2003 stand-alone root CA,Write a logon script for the client computers in the HR department that contains the Certreq.execommand
Your network is configured as shown in the following diagram.You deploy an enterprise certification authority (CA) on the internal network. You also deploy a Microsoft Online Responder on the internal network. You need to recommend a secure method for Internet users to verify the validity of individual certificates. The solution must minimize network bandwidth. What should you recommend?()A、Deploy a subordinate CA on the perimeter network.B、Install a stand-alone CA and the Network Device Enrollment Service (NDES) on a server on the perimeter network.C、Install a Network Policy Server (NPS) on a server on the perimeter network. Redirect authentication requests to a server on the internal network.D、Install Microsoft Internet Information Services (IIS) on a server on the perimeter network. Configure IIS to redirect requests to the Online Responder on the internal network.
Your network contains a Network Policy and Access Services server named Server1. All certificates in theorganization are issued by an enterprise certification authority (CA) named Server2. You have a standalonecomputer named Computer1 that runs Windows 7. Computer1 has a VPN connection that connects toServer1 by using SSTP. You attempt to establish the VPN connection to Server1 and receive the followingerror message: A certificate chain processed, but terminated in a root certificate which is not trusted by thetrust provider. You need to ensure that you can successfully establish the VPN connection to Server1. What should you do on Computer1?()A、Import the root certificate to the user s Trusted Publishers store.B、Import the root certificate to the computer s Trusted Root Certification Authorities store.C、Import the server certificate of Server1 to the user s Trusted Root Certification Authorities store.D、Import the server certificate of Server1 to the computer s Trusted Root Certification Authorities store.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
Your network contains a stand-alone certification authority (CA) and a Web server. The Web server hosts a secure Web site. The Web site uses a server certificate that was issued from the CA. Users report that they receive a certificate warning message when they connect to the Web site. You need to prevent users from receiving the certificate warning message when they connect to the Web site. What should you do from the Internet Options in Internet Explorer?() A、Import the CA certificate to the trusted root CA certificate store. B、Import the server authentication certificate to the trusted publishers certificate store.C、Clear the Check for publisher's certificate revocation check box. D、Clear the Require server verification (https:) for all sites in this zone check box for the Trusted sites zone.
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()A、an account that is a member of the Certificate Publishers group in the child domainB、an account that is a member of the Certificate Publishers group in the forest root domainC、an account that is a member of the Schema Admins group in the forest root domainD、an account that is a member of the Enterprise Admins group in the forest root domain
Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority (CA). You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA. What should you do?()A、 Assign the user account to the CA Admin role.B、 Add the user account to the local Administrators group.C、 Grant the user the Back up files and directories user right.D、 Grant the user the Manage auditing and security log user right.
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The network contains 100 servers and 5,000 client computers. The client computers run either Windows XP Service Pack 1 or Windows 7. You need to plan a VPN solution that meets the following requirements: èStores VPN passwords as encrypted text èSupports Suite B cryptographic algorithms èSupports automatic enrollment of certificates èSupports client computers that are configured as members of a workgroup What should you include in your plan?() A、Upgrade the client computers to Windows XP Service Pack 3. Implement a stand-alone certification authority (CA). Implement an IPsec VPN that uses certificate-based authentication.B、Upgrade the client computers to Windows XP Service Pack 3. Implement an enterprise certification authority (CA) that is based on Windows Server?2008 R2. Implement an IPsec VPN that uses Kerberos authentication.C、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses pre-shared keys.D、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses certificate-based authentication.
Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do()A、Run syskey.exe and use the Update option.B、Run sigverif.exe and use the Advanced option.C、Run certutil.exe and specify the -verify parameter.D、Run certreq.exe and specify the -retrieve parameter.
Your network is configured as shown in the following diagram. Each office contains a server that has the File Services server role installed. The servers have a shared folder named Resources. You need to plan the data availability of the Resources folder. Your plan must meet the following requirements: èIf a WAN link fails,the files in the Resources folder must be available in all of the offices. èIf a single server fails, the files in the Resources folder must be available in each of the branch offices,and the users must be able to use existing drive mappings. èYour plan must minimize network traffic over the WAN links. What should you include in your plan?()A、a stand-alone DFS namespace that uses DFS Replication in a full mesh topologyB、a domain-based DFS namespace that uses DFS Replication in a full mesh topologyC、a stand-alone DFS namespace that uses DFS Replication in a hub and spoke topologyD、a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
单选题Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2. You need to ensure users are able to enroll new certificates. What should you do()ARenew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing CBRenew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in thCImport the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.DImport the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.
单选题Your network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow users from both forests to automatically enroll user certificates. You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com certification authority (CA). What should you configure in the adatum.com domain()AFrom the Default Domain Controllers Policy, modify the Enterprise Trust settings.BFrom the Default Domain Controllers Policy, modify the Trusted Publishers settings.CFrom the Default Domain Policy, modify the Certificate Enrollment policy.DFrom the Default Domain Policy, modify the Trusted Root Certification Authority settings.
单选题You have an Exchange organization.All servers in the organization have Exchange Server 2010 Service Pack 1 (SP1) installed.The network contains an internal root certification authority (CA).Users on the network use Outlook Anywhere.A Client Access server uses a wildcard certificate issued by a trusted third-party root CA.You need to ensure that users can send and receive encrypted e-mail messages by using S/MIME. What should you do?()AInstruct all users to import the third-party root CA certificate.BImport the internal root CA certificate to the Client Access server.CInstruct all users to import the internal root CA certificate.DIssue a certificate to each user from the internal root CA
单选题You need to design a security solution for the internally developed Web applications that meets business requirements. What should you do?()AInstall and configure a stand-alone root certification authorative (CA) that is trusted by all company client computers. Issue encryption certificates to all developersBInstall and configure root certification authority (CA) that is trusted by all company client computers. Issue code-signing certificates to all developersCPurchase a root certification from a trusted commercial certification authority (CA). Install the root certificated on all developers’ computersDPurchase a code-signing certificate from a trusted commercial certification authority (CA). Install the certificate on all company client computers
单选题Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do()ARun syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exams. 4 / 90BRun sigverif.exe and use the Advanced option. CRun certutil.exe and specify the -verify parameter. DRun certreq.exe and specify the -retrieve parameter.
单选题An organization has Exchange server 2010.Network contains internal root Certification Authorization (CA).Users on network use Outlook Anywhere.A CAS server uses a wildcard certificate issued by a trusted third party root CA.You need to ensure that users can send and receive encrypted e-mail messages by using S/MIME.What should you do?()AInstruct all users to import the 3d-party root CA certificationBConfigure CAS server to use a certificate issued by a third-party CACInstruct all users to import an internal root CA certificateDDeploy Outlook Web Access with the S/MIME control to the client system
单选题You need to design a PKI for Litware, Inc. What should you do?()AAdd one offline stand-alone root certificate authority(CA).Add two online enterprise subordinate CAsBAdd one online stand-alone root certification authority(CA).Add two online enterprise subordinate CAsCAdd one online enterprise root certification authority CA).Add one offline enterprise subordinate CADAdd one online enterprise root certification authority(CA).Add two online enterprise subordinate CAs
单选题Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority (CA). You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA. What should you do?()A Assign the user account to the CA Admin role.B Add the user account to the local Administrators group.C Grant the user the Back up files and directories user right.D Grant the user the Manage auditing and security log user right.
单选题Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort. What do you do first()AInitialize the Trusted Platform Module (TPM)BUpgrade the menber server to Windows Server 2008 R2 Standard.CInstall the Certificate Enrollment Policy Web Service role service on the member server.DRun the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services - Certification
单选题Your network contains an Active Directory forest. The functional level of the forest is Windows Server 2008 R2.You plan to deploy DirectAccess.You need to configure the DNS servers on your network to support DirectAccess.What should you do?()AModify the GlobalQueryBlockList registry key and restart the DNS Server service.BModify the EnableGlobalNamesSupport registry key and restart the DNS Server service.CCreate a trust anchor that uses a certificate issued by an internal certification authority (CA).DCreate a trust anchor that uses a certificate issued by a publicly trusted certification authority (CA).
单选题Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2. You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1. You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP. What should you recommend?()AEnable Network Access Protection (NAP) on the network.BDeploy the Root CA certificate to the external computers.CImplement the Remote Desktop Connection Broker role service.DConfigure the firewall to allow inbound traffic on TCP Port 1723.
单选题Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()Aan account that is a member of the Certificate Publishers group in the child domainBan account that is a member of the Certificate Publishers group in the forest root domainCan account that is a member of the Schema Admins group in the forest root domainDan account that is a member of the Enterprise Admins group in the forest root domain