单选题Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do()ARun syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exams. 4 / 90BRun sigverif.exe and use the Advanced option. CRun certutil.exe and specify the -verify parameter. DRun certreq.exe and specify the -retrieve parameter.
单选题
Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do()
A
Run syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exams. 4 / 90
B
Run sigverif.exe and use the Advanced option.
C
Run certutil.exe and specify the -verify parameter.
D
Run certreq.exe and specify the -retrieve parameter.
参考解析
解析:
暂无解析
相关考题:
You need to design phase one of the new authentication strategy. Your solution must meet business requirements.What should you do?()A、Install a Windows Server 2003 enterprise root CA, Configure certificate templates for autoenrollmentB、Install a Windows Server 2003 enterprise subordinate CA, Configure certificate templates for autoenrollmentC、Install a Windows Server 2003 stand-alone subordinate CA, Write a logon script for the client computers in the HR department that contains the Certreq.execommandD、Install a Windows Server 2003 stand-alone root CA,Write a logon script for the client computers in the HR department that contains the Certreq.execommand
Your network contains a Network Policy and Access Services server named Server1. All certificates in theorganization are issued by an enterprise certification authority (CA) named Server2. You have a standalonecomputer named Computer1 that runs Windows 7. Computer1 has a VPN connection that connects toServer1 by using SSTP. You attempt to establish the VPN connection to Server1 and receive the followingerror message: A certificate chain processed, but terminated in a root certificate which is not trusted by thetrust provider. You need to ensure that you can successfully establish the VPN connection to Server1. What should you do on Computer1?()A、Import the root certificate to the user s Trusted Publishers store.B、Import the root certificate to the computer s Trusted Root Certification Authorities store.C、Import the server certificate of Server1 to the user s Trusted Root Certification Authorities store.D、Import the server certificate of Server1 to the computer s Trusted Root Certification Authorities store.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA). You perform a complete backup of Server1 that includes the system state. Server1 fails. You install a new server named Server1. You need to recover the enterprise root CA. What should you do? ()A、Restore the system state backup.B、Restore the %systemroot%/system32/certsrv folder.C、From the Certificates snap-in, import the enterprise root CA certificate.D、From the Certificates snap-in, import the enterprise root CA certificate revocation list (CRL).
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two task should you perform()A、Publish the code signing template.B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only administrators to apply the policy.C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.D、Modify the security settings on the template to allow only administrators to request code signing certificates.
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()A、an account that is a member of the Certificate Publishers group in the child domainB、an account that is a member of the Certificate Publishers group in the forest root domainC、an account that is a member of the Schema Admins group in the forest root domainD、an account that is a member of the Enterprise Admins group in the forest root domain
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The network contains 100 servers and 5,000 client computers. The client computers run either Windows XP Service Pack 1 or Windows 7. You need to plan a VPN solution that meets the following requirements: èStores VPN passwords as encrypted text èSupports Suite B cryptographic algorithms èSupports automatic enrollment of certificates èSupports client computers that are configured as members of a workgroup What should you include in your plan?() A、Upgrade the client computers to Windows XP Service Pack 3. Implement a stand-alone certification authority (CA). Implement an IPsec VPN that uses certificate-based authentication.B、Upgrade the client computers to Windows XP Service Pack 3. Implement an enterprise certification authority (CA) that is based on Windows Server?2008 R2. Implement an IPsec VPN that uses Kerberos authentication.C、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses pre-shared keys.D、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses certificate-based authentication.
Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do()A、Run syskey.exe and use the Update option.B、Run sigverif.exe and use the Advanced option.C、Run certutil.exe and specify the -verify parameter.D、Run certreq.exe and specify the -retrieve parameter.
单选题You need to design a PKI for the Northwind Traders internal network. What should you do?()AAdd an enterprise root CA to the northwindtraders.com domain. Configure cross-certification between the northwindtraders.com domain and the boston.northwindtraders.com domainBAdd an enterprise subordinate issuing CA to the northwindtraders.com domain. Configure qualified subordination for the enterprise subordinate issuing CA in BostonCAdd enterprise subordinate issuing CAs to the New York, Boston, and Seattle LANs. Configure qualified subordinations for each enterprise subordinate issuing CADAdd a stand-alone commercial issuing CA to only the northwindtraders.com domain. Configure cross-certification between the commercial CA and the boston.northwindtraders.com domain
单选题Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2. You need to ensure users are able to enroll new certificates. What should you do()ARenew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing CBRenew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in thCImport the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.DImport the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.
单选题Your network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow users from both forests to automatically enroll user certificates. You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com certification authority (CA). What should you configure in the adatum.com domain()AFrom the Default Domain Controllers Policy, modify the Enterprise Trust settings.BFrom the Default Domain Controllers Policy, modify the Trusted Publishers settings.CFrom the Default Domain Policy, modify the Certificate Enrollment policy.DFrom the Default Domain Policy, modify the Trusted Root Certification Authority settings.
单选题Your network contains an Active Directory domain. You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority (CA). You have a client computer named Computer1 that runs Windows 7. You enable automatic certificate enrollment for all client computers that run Windows 7. You need to verify that the Windows 7 client computers can automatically enroll for certificates. Which command should you run on Computer1()Acertreq.exe retrieveBcertreq.exe submitCcertutil.exe getkeyDcertutil.exe pulse
单选题Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise root certification authority (CA). You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a many-to-one mapping. You revoke a certificate issued to an external partner. You need to prevent the external partner from accessing the Web site. What should you do()ARun certutil.exe -crl.BRun certutil.exe -delkey.CFrom Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.DFrom Active Directory Users and Computers, modify the Contact object for the external partner.
多选题Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two tasks should you perform()APublish the code signing template.BEdit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only admiCEdit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.DModify the security settings on the template to allow only administrators to request code signing certificates.
单选题You need to design a PKI for Litware, Inc. What should you do?()AAdd one offline stand-alone root certificate authority(CA).Add two online enterprise subordinate CAsBAdd one online stand-alone root certification authority(CA).Add two online enterprise subordinate CAsCAdd one online enterprise root certification authority CA).Add one offline enterprise subordinate CADAdd one online enterprise root certification authority(CA).Add two online enterprise subordinate CAs
单选题Your network contains an Active Directory domain named contoso.com. Contoso.com contains a member server that runs Windows Serever 2008 Standart. You need to install an enterprise subordinate certification authority (CA) that support private key archival. You must achieve this goal by using the minimum amount of administrative effort. What do you do first()AInitialize the Trusted Platform Module (TPM)BUpgrade the menber server to Windows Server 2008 R2 Standard.CInstall the Certificate Enrollment Policy Web Service role service on the member server.DRun the Security Configuration Wizard (SCW) and select the Active Directory Certificate Services - Certification
单选题Your network contains an Active Directory forest. The functional level of the forest is Windows Server 2008 R2.You plan to deploy DirectAccess.You need to configure the DNS servers on your network to support DirectAccess.What should you do?()AModify the GlobalQueryBlockList registry key and restart the DNS Server service.BModify the EnableGlobalNamesSupport registry key and restart the DNS Server service.CCreate a trust anchor that uses a certificate issued by an internal certification authority (CA).DCreate a trust anchor that uses a certificate issued by a publicly trusted certification authority (CA).
单选题Your network contains a stand-alone root certification authority (CA). You have a server named Server1 that runs Windows Server 2008 R2. You issue a server certificate to Server1. You deploy Secure Socket Tunneling Protocol (SSTP) on Server1. You need to recommend a solution that allows external partner computers to access internalnetwork resources by using SSTP. What should you recommend?()AEnable Network Access Protection (NAP) on the network.BDeploy the Root CA certificate to the external computers.CImplement the Remote Desktop Connection Broker role service.DConfigure the firewall to allow inbound traffic on TCP Port 1723.
单选题Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()Aan account that is a member of the Certificate Publishers group in the child domainBan account that is a member of the Certificate Publishers group in the forest root domainCan account that is a member of the Schema Admins group in the forest root domainDan account that is a member of the Enterprise Admins group in the forest root domain