单选题You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the  local computers Trusted Root Certification Authorities store.   Which command should you run on Server1()Acertreq.exe and specify the -accept parameterBcertreq.exe and specify the -retrieve parameterCcertutil.exe and specify the -dspublish parameterDcertutil.exe and specify the -importcert parameter

单选题
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the  local computers Trusted Root Certification Authorities store.   Which command should you run on Server1()
A

certreq.exe and specify the -accept parameter

B

certreq.exe and specify the -retrieve parameter

C

certutil.exe and specify the -dspublish parameter

D

certutil.exe and specify the -importcert parameter


参考解析

解析: 暂无解析

相关考题:

You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement  a certification authority (CA) server that meets the following requirements:     - Allows the certification authority to automatically issue certificates  - Integrates with Active Directory Domain Services     What should you do()A、Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .B、Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .C、Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate SD、Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc

Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA.  The Enterprise Intermediate CA certificate expires.    You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA  server.C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers  group policy object.D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy  object.

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA). You perform a complete backup of Server1 that includes the system state. Server1 fails. You install a new server named Server1. You need to recover the enterprise root CA. What should you do? ()A、Restore the system state backup.B、Restore the %systemroot%/system32/certsrv folder.C、From the Certificates snap-in, import the enterprise root CA certificate.D、From the Certificates snap-in, import the enterprise root CA certificate revocation list (CRL).

You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role   installed.   You need to minimize the amount of time it takes for client computers to download a certificate revocation  list (CRL). What should you do()A、Install and configure an Online Responder.B、Install and configure an additional domain controller.C、Import the Root CA certificate into the Trusted Root Certification Authorities store on all client  workstations.D、Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client  workstations.

Your network contains an Active Directory forest. The forest contains two domains.  You have a standalone root certification authority (CA).   On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an  enterprise CA is disabled.   You need to install an enterprise subordinate CA on the server.   What should you use to log on to the new server()A、an account that is a member of the Certificate Publishers group in the child domainB、an account that is a member of the Certificate Publishers group in the forest root domainC、an account that is a member of the Schema Admins group in the forest root domainD、an account that is a member of the Enterprise Admins group in the forest root domain

You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.   Server1 is configured as an enterprise root certification authority (CA).    You install the Online Responder role service on Server2.    You need to configure Server1 to support the Online Responder. What should you do()A、Import the enterprise root CA certificate.B、Configure the Certificate Revocation List Distribution Point extension.C、Configure the Authority Information Access (AIA) extension.D、Add the Server2 computer account to the CertPublishers group.

ou have a Windows Server 2008 Enterprise Root CA. Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA. You need to allow users to request certificates from a Web interface. You install the AD CS role. What should you do next()A、Configure the Online Responder Role Service on a member server.B、Configure the Online Responder Role Service on a domain controller.C、Configure the Certification Authority Web Enrollment Role Service on a member server.D、Configure the Certification Authority Web Enrollment Role Service on a domain controller.

You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()A、Import the enterprise root CA certificate.B、Configure the Certificate Distribution Point (CDP) extension.C、Configure the Authority Information Access (AIA) extension.D、Add the Server2 computer account to the CertPublishers group.

You have a Windows Server 2008 that has the Active Directory Certificate Services server role installed. You need to minimize the amount of time it takes to download a certificate revocation list (CRL). What should you do()A、Install and configure an Online Responder.B、Install and configure an addtional domain controller.C、Import the Root CA certificate into the Trusted Root Certification Authorities on all client workstations.D、Import the Issuing CA certificate into the Trusted Root Certification Authorities on all client workstations.

You need to design a security solution for the internally developed Web applications that meets business requirements. What should you do?()A、Install and configure a stand-alone root certification authorative (CA) that is trusted by all company client computers. Issue encryption certificates to all developersB、Install and configure root certification authority (CA) that is trusted by all company client computers. Issue code-signing certificates to all developersC、Purchase a root certification from a trusted commercial certification authority (CA). Install the root certificated on all developers’ computersD、Purchase a code-signing certificate from a trusted commercial certification authority (CA). Install the certificate on all company client computers

单选题You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement  a certification authority (CA) server that meets the following requirements:     - Allows the certification authority to automatically issue certificates  - Integrates with Active Directory Domain Services     What should you do()AInstall and configure the Active Directory Certificate Services server role as a Standalone Root CA .BInstall and configure the Active Directory Certificate Services server role as an Enterprise Root CA .CPurchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate SDPurchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc

多选题Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services  (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()AConfigure auditing in the Certification Authority snap-in.BEnable  auditing  of  successful  and  failed  attempts  to  change  permissions  on  files  in  the %SYSTEM32%/CertSrv directory.CEnable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.DEnable the Audit object access setting in the Local Security Policy for the Active Directory Certificate  Services (AD CS) server.

单选题Your company has an Active Directory domain. You have a two-tier PKI infrastructure that  contains an offline root CA and an online issuing CA. The Enterprise certification authority is  running Windows Server 2008 R2.   You need to ensure users are able to enroll new certificates.     What should you do()ARenew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing CBRenew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in thCImport the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.DImport the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.

多选题Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate  Services (AD CS) is configured as a standalone Certification Authority (CA) on the server. You  need to audit changes to the CA configuration settings and the CA security settings.     Which two tasks should you perform()AConfigure auditing in the Certification Authority snap-in.BEnable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%/CertSrv direCEnable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.DEnable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services

单选题Your company has an Active Directory domain. You install an Enterprise Root certification authority (CA) on a member server named Server1. You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1. What should you do()ARemove the Request Certificates permission from the Domain Users group.BRemove the Request Certificated permission from the Authenticated Users group.CAssign the Allow - Manage CA permission toonly  the Security Manager user Account.DAssign the Allow - Issue and Manage Certificates permission to only the Security Manger user account

单选题You have an Exchange organization.All servers in the organization have Exchange Server 2010 Service Pack 1 (SP1) installed.The network contains an internal root certification authority (CA).Users on the network use Outlook Anywhere.A Client Access server uses a wildcard certificate issued by a trusted third-party root CA.You need to ensure that users can send and receive encrypted e-mail messages by using S/MIME. What should you do?()AInstruct all users to import the third-party root CA certificate.BImport the internal root CA certificate to the Client Access server.CInstruct all users to import the internal root CA certificate.DIssue a certificate to each user from the internal root CA

单选题You need to design a security solution for the internally developed Web applications that meets business requirements. What should you do?()AInstall and configure a stand-alone root certification authorative (CA) that is trusted by all company client computers. Issue encryption certificates to all developersBInstall and configure root certification authority (CA) that is trusted by all company client computers. Issue code-signing certificates to all developersCPurchase a root certification from a trusted commercial certification authority (CA). Install the root certificated on all developers’ computersDPurchase a code-signing certificate from a trusted commercial certification authority (CA). Install the certificate on all company client computers

单选题You need to design a PKI for Litware, Inc. What should you do?()AAdd one offline stand-alone root certificate authority(CA).Add two online enterprise subordinate CAsBAdd one online stand-alone root certification authority(CA).Add two online enterprise subordinate CAsCAdd one online enterprise root certification authority CA).Add one offline enterprise subordinate CADAdd one online enterprise root certification authority(CA).Add two online enterprise subordinate CAs

多选题You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server2 to issue certificate revocation lists (CRL) for the enterprise root CA. Which two tasks should you perform()AImport the enterprise root CA certificate.BImport the OCSP Response Signing certificate.CAdd the Server1 computer account to the CertPublishers group.DSet the Startup Type of the Certificate Propagation service to Automatic.

单选题Your network contains an Active Directory forest. The forest contains two domains. You have a  standalone root certification authority (CA).     On a server in the child domain, you run the Add Roles Wizard and discover that the option to  select an enterprise CA is disabled.     You need to install an enterprise subordinate CA on the server.     What should you use to log on to the new server()Aan account that is a member of the Certificate Publishers group in the child domainBan account that is a member of the Certificate Publishers group in the forest root domainCan account that is a member of the Schema Admins group in the forest root domainDan account that is a member of the Enterprise Admins group in the forest root domain