CMS专题
单选题Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do()A Run syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exa
题目
Run syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exams. 4 / 90
Run sigverif.exe and use the Advanced option.
Run certutil.exe and specify the -verify parameter.
Run certreq.exe and specify the -retrieve parameter.
相似问题和答案
第1题:
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do()
- A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
- B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
- C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.
- D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
正确答案:D
第2题:
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company runs an Enterprise Root certification authority (CA). You need to ensure that only administrators can sign code. Which two task should you perform()
- A、Publish the code signing template.
- B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only administrators to apply the policy.
- C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.
- D、Modify the security settings on the template to allow only administrators to request code signing certificates.
正确答案:A,D
第3题:
You need to design phase one of the new authentication strategy. Your solution must meet business requirements.What should you do?()
- A、Install a Windows Server 2003 enterprise root CA, Configure certificate templates for autoenrollment
- B、Install a Windows Server 2003 enterprise subordinate CA, Configure certificate templates for autoenrollment
- C、Install a Windows Server 2003 stand-alone subordinate CA, Write a logon script for the client computers in the HR department that contains the Certreq.execommand
- D、Install a Windows Server 2003 stand-alone root CA,Write a logon script for the client computers in the HR department that contains the Certreq.execommand
正确答案:B
第4题:
Add an enterprise root CA to the northwindtraders.com domain. Configure cross-certification between the northwindtraders.com domain and the boston.northwindtraders.com domain
Add an enterprise subordinate issuing CA to the northwindtraders.com domain. Configure qualified subordination for the enterprise subordinate issuing CA in Boston
Add enterprise subordinate issuing CAs to the New York, Boston, and Seattle LANs. Configure qualified subordinations for each enterprise subordinate issuing CA
Add a stand-alone commercial issuing CA to only the northwindtraders.com domain. Configure cross-certification between the commercial CA and the boston.northwindtraders.com domain
第5题:
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The network contains 100 servers and 5,000 client computers. The client computers run either Windows XP Service Pack 1 or Windows 7. You need to plan a VPN solution that meets the following requirements: èStores VPN passwords as encrypted text èSupports Suite B cryptographic algorithms èSupports automatic enrollment of certificates èSupports client computers that are configured as members of a workgroup What should you include in your plan?()
- A、Upgrade the client computers to Windows XP Service Pack 3. Implement a stand-alone certification authority (CA). Implement an IPsec VPN that uses certificate-based authentication.
- B、Upgrade the client computers to Windows XP Service Pack 3. Implement an enterprise certification authority (CA) that is based on Windows Server?2008 R2. Implement an IPsec VPN that uses Kerberos authentication.
- C、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses pre-shared keys.
- D、Upgrade the client computers to Windows 7. Implement an enterprise certification authority (CA) that is based on Windows Server 2008 R2. Implement an IPsec VPN that uses certificate-based authentication.
正确答案:D
第6题:
Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA). You perform a complete backup of Server1 that includes the system state. Server1 fails. You install a new server named Server1. You need to recover the enterprise root CA. What should you do? ()
- A、Restore the system state backup.
- B、Restore the %systemroot%/system32/certsrv folder.
- C、From the Certificates snap-in, import the enterprise root CA certificate.
- D、From the Certificates snap-in, import the enterprise root CA certificate revocation list (CRL).
正确答案:A
第7题:
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()
- A、an account that is a member of the Certificate Publishers group in the child domain
- B、an account that is a member of the Certificate Publishers group in the forest root domain
- C、an account that is a member of the Schema Admins group in the forest root domain
- D、an account that is a member of the Enterprise Admins group in the forest root domain
正确答案:D
第8题:
Your network contains a Network Policy and Access Services server named Server1. All certificates in theorganization are issued by an enterprise certification authority (CA) named Server2. You have a standalonecomputer named Computer1 that runs Windows 7. Computer1 has a VPN connection that connects toServer1 by using SSTP. You attempt to establish the VPN connection to Server1 and receive the followingerror message: A certificate chain processed, but terminated in a root certificate which is not trusted by thetrust provider. You need to ensure that you can successfully establish the VPN connection to Server1. What should you do on Computer1?()
- A、Import the root certificate to the user s Trusted Publishers store.
- B、Import the root certificate to the computer s Trusted Root Certification Authorities store.
- C、Import the server certificate of Server1 to the user s Trusted Root Certification Authorities store.
- D、Import the server certificate of Server1 to the computer s Trusted Root Certification Authorities store.
正确答案:B
第9题:
Your network contains an enterprise root certification authority (CA). You need to ensure that a certificate issued by the CA is valid. What should you do()
- A、Run syskey.exe and use the Update option.
- B、Run sigverif.exe and use the Advanced option.
- C、Run certutil.exe and specify the -verify parameter.
- D、Run certreq.exe and specify the -retrieve parameter.
正确答案:C
第10题:
Renew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing C
Renew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in th
Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.