单选题If a certificate authority trustpoint is not configured when enabling HTTPS and the remote HTTPS server requires client authentication, connections to the secure HTTP client will fail. Which command must be enabled for correct operation?()Aip http client secure-ciphersuite 3des-ede-cbc-shaBip https max-connections 10Cip http timeout-policy idle 30 life 120 requests 100Dip http client secure-trustpoint trustpoint-name
单选题
If a certificate authority trustpoint is not configured when enabling HTTPS and the remote HTTPS server requires client authentication, connections to the secure HTTP client will fail. Which command must be enabled for correct operation?()
A
ip http client secure-ciphersuite 3des-ede-cbc-sha
B
ip https max-connections 10
C
ip http timeout-policy idle 30 life 120 requests 100
D
ip http client secure-trustpoint trustpoint-name
参考解析
解析:
暂无解析
相关考题:
You are setting up a Junos Pulse Access Control Service. You cannot obtain a device certificate from an external certificate authority.Which tool should you use to generate a device certificate?() A.OpenSSLB.OpenSSHC.OpenLDAPD.OpenRADIUS
Which of the following is NOT related to a Public key infrastructure (PKI)?以下哪个概念与公钥基础设施(PKI)无关?()A、A X.509 certificate(X.509证书)B、A Ticket Granting Service(票据授予服务)C、A Registration authority(注册机构)D、A Certificate authority(证书机构)
You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements: - Allows the certification authority to automatically issue certificates - Integrates with Active Directory Domain Services What should you do()A、Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .B、Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .C、Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate SD、Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc
If a certificate authority trustpoint is not configured when enabling HTTPS and the remote HTTPS server requires client authentication, connections to the secure HTTP client will fail. Which command must be enabled for correct operation?()A、ip http client secure-ciphersuite 3des-ede-cbc-shaB、ip https max-connections 10C、ip http timeout-policy idle 30 life 120 requests 100D、ip http client secure-trustpoint trustpoint-name
You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()A、The MAG Series device has multiple ports associated with the certificate.B、The MAG Series device's serial number needs to be configured on the SRX Series device.C、The SRX Series device must have a certificate signed by the same authority as the MAG Series device.D、The MAG Series device and SRX Series device are not synchronized to an NTP server.
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run()A、certutil.exe backupB、certutil.exe backupdbC、certutil.exe backupkeyD、certutil.exe store
Your company has an internal Web application that uses a self-signed SSL certificate. The company has an internal certification authority (CA) with autoenrollment.When users attempt to start the Web application, Internet Explorer displays an error message that recommends closing the Web page rather than continuing to the application. You need to ensure that Internet Explorer does not display the error message. What should you do?()A、Issue a certificate from the internal CA and install it on the application serverB、Install the Web application’s certificate into the computer store on each client computerC、Install the Web application’s certificate into the personal store on each client computer. Add the application’s URL to the Trusted Sites zone in Internet ExplorerD、Purchase a commercial certificate and install it on the internal CA
Your network contains a stand-alone certification authority (CA) and a Web server. The Web server hosts a secure Web site. The Web site uses a server certificate that was issued from the CA. Users report that they receive a certificate warning message when they connect to the Web site. You need to prevent users from receiving the certificate warning message when they connect to the Web site. What should you do from the Internet Options in Internet Explorer?() A、Import the CA certificate to the trusted root CA certificate store. B、Import the server authentication certificate to the trusted publishers certificate store.C、Clear the Check for publisher's certificate revocation check box. D、Clear the Require server verification (https:) for all sites in this zone check box for the Trusted sites zone.
Your network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed. External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: There is a problem with this Web sites security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority. You find that users onthe corporate network do not receive this error. You need to ensure that external users do not receive the warning message when connecting to Server1. What should you do?()A、In IIS Manager, enable the Enable client certificate mapping option.B、In IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.C、In Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.D、In Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data (always).
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()A、Import the enterprise root CA certificate.B、Configure the Certificate Revocation List Distribution Point extension.C、Configure the Authority Information Access (AIA) extension.D、Add the Server2 computer account to the CertPublishers group.
You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do()A、Import the enterprise root CA certificate.B、Configure the Certificate Distribution Point (CDP) extension.C、Configure the Authority Information Access (AIA) extension.D、Add the Server2 computer account to the CertPublishers group.
单选题Which of the following is NOT related to a Public key infrastructure (PKI)?以下哪个概念与公钥基础设施(PKI)无关?()AA X.509 certificate(X.509证书)BA Ticket Granting Service(票据授予服务)CA Registration authority(注册机构)DA Certificate authority(证书机构)
单选题You are setting up a Junos Pulse Access Control Service. You cannot obtain a device certificate from an external certificate authority.Which tool should you use to generate a device certificate?()AOpenSSLBOpenSSHCOpenLDAPDOpenRADIUS
多选题Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()AConfigure auditing in the Certification Authority snap-in.BEnable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%/CertSrv directory.CEnable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.DEnable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services (AD CS) server.
单选题You have a server named Server1 that has the following Active Directory Certificate Services (AD CS) role services installed: ( Enterprise root certification authority (CA) .Certificate Enrollment Web Service .Certificate Enrollment Policy Web Service You create a new certificate template. External users report that the new template is unavailable when they request a new certificate. You verify that all other templates are available to the external users. You need to ensure that the external users can request certificates by using the new template. What should you do on Server1()ARun iisreset.exe /restart. BRun gpupdate.exe /force. CRun certutil.exe dspublish.DRestart the Active Directory Certificate Services service.
多选题You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?()AThe MAG Series device has multiple ports associated with the certificate.BThe MAG Series device's serial number needs to be configured on the SRX Series device.CThe SRX Series device must have a certificate signed by the same authority as the MAG Series device.DThe MAG Series device and SRX Series device are not synchronized to an NTP server.
多选题You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server2 to issue certificate revocation lists (CRL) for the enterprise root CA. Which two tasks should you perform()AImport the enterprise root CA certificate.BImport the OCSP Response Signing certificate.CAdd the Server1 computer account to the CertPublishers group.DSet the Startup Type of the Certificate Propagation service to Automatic.
单选题This certificate is issued under the authority of the said Government,and it will remain in () until Jan 1 2008.AstrengthBpowerCforceDstress
单选题Your network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed. External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: There is a problem with this Web sites security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority. You find that users onthe corporate network do not receive this error. You need to ensure that external users do not receive the warning message when connecting to Server1. What should you do?()AIn IIS Manager, enable the Enable client certificate mapping option.BIn IIS Manager, replace the certificate with a certificate obtained from a public Certification Authority.CIn Local Security Policy, enable Domain Member: Require strong (Windows 2000 or later) session key.DIn Local Security Policy, enable Domain Member: Digitally encrypt or sign secure channel data (always).