单选题You have a Windows Server 2008 R2 Enterprise Root CA . Security policy prevents port 443 and  port 80 from being opened on domain controllers and on the issuing CA .   You need to allow users to request certificates from a Web interface. You install th

第1题：

You plan to deploy Exchange Server 2010 on a new server. The server will be a member of a database availability group. You need to identify the operating system that can be installed on the server to support Exchange Server 2010. Your solution must minimize costs.  Which operating system should you identify（）？ 

• A、Windows Server 2003 R2 Standard Edition
• B、Windows Server 2008 R2 Standard Edition
• C、Windows Server 2003 Service Pack 2 （SP2） Enterprise Edition
• D、Windows Server 2008 Service Pack 2 （SP2） Enterprise Edition

第2题：

You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role   installed.   You need to minimize the amount of time it takes for client computers to download a certificate revocation  list （CRL）. What should you do（）

• A、Install and configure an Online Responder.
• B、Install and configure an additional domain controller.
• C、Import the Root CA certificate into the Trusted Root Certification Authorities store on all client  workstations.
• D、Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client  workstations.

第3题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company uses an Enterprise Root certification authority （CA） and an Enterprise Intermediate CA.  The Enterprise Intermediate CA certificate expires.    You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do（）

• A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
• B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA  server.
• C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers  group policy object.
• D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy  object.

第4题：

You have two servers named Server1 and Server2. Both servers run Windows Server 2008. Server1 is configured as an enterprise root certification authority （CA）. You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do（）

• A、Import the enterprise root CA certificate.
• B、Configure the Certificate Distribution Point （CDP） extension.
• C、Configure the Authority Information Access （AIA） extension.
• D、Add the Server2 computer account to the CertPublishers group.

第5题：

You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.   Server1 is configured as an enterprise root certification authority （CA）.    You install the Online Responder role service on Server2.    You need to configure Server1 to support the Online Responder. What should you do（）

• A、Import the enterprise root CA certificate.
• B、Configure the Certificate Revocation List Distribution Point extension.
• C、Configure the Authority Information Access （AIA） extension.
• D、Add the Server2 computer account to the CertPublishers group.

第6题：

You have a Windows Server 2008 R2 Enterprise Root certification authority （CA）. You need to  grant members of the Account Operators group the ability to only manage Basic EFS certificates.     You grant the Account Operators group the Issue and Manage Certificates permission on the CA .   Which three tasks should you perform next（）

• A、Enable the Restrict Enrollment Agents option on the CA .
• B、Enable the Restrict Certificate Managers option on the CA .
• C、Add the Basic EFS certificate template for the Account Operators group.
• D、Grant the Account Operators group the Manage CA permission on the CA .
• E、Remove all unnecessary certificate templates that are assigned to the Account Operators group.

第7题：

Your network contains an Active Directory forest. The forest contains two domains.  You have a standalone root certification authority （CA）.   On a server in the child domain， you run the Add Roles Wizard and discover that the option to select an  enterprise CA is disabled.   You need to install an enterprise subordinate CA on the server.   What should you use to log on to the new server（）

• A、an account that is a member of the Certificate Publishers group in the child domain
• B、an account that is a member of the Certificate Publishers group in the forest root domain
• C、an account that is a member of the Schema Admins group in the forest root domain
• D、an account that is a member of the Enterprise Admins group in the forest root domain

第8题：

Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA). You perform a complete backup of Server1 that includes the system state. Server1 fails. You install a new server named Server1. You need to recover the enterprise root CA. What should you do? （）

• A、Restore the system state backup.
• B、Restore the %systemroot%/system32/certsrv folder.
• C、From the Certificates snap-in, import the enterprise root CA certificate.
• D、From the Certificates snap-in, import the enterprise root CA certificate revocation list (CRL).

第9题：

You need to recommend a Windows Server 2008 R2 server configuration that meets the following  requirements：   èSupports the installation of Microsoft SQL Server 2008   èProvides redundancy for SQL services if a single server fails What should you recommend？（） 

• A、Install a Server Core installation of Windows Server 2008 R2 Enterprise on two servers. Configure the servers in a failover cluster.
• B、Install a full installation of Windows Server 2008 R2 Standard on two servers. Configure Network Load Balancing on the two servers.
• C、Install a full installation of Windows Server 2008 R2 Enterprise on two servers. Configure Network Load Balancing on the two servers.
• D、Install a full installation of Windows Server 2008 R2 Enterprise on two servers. Configure the servers in a failover cluster.

第10题：

Your network contains an Active Directory forest. All domain controllers run Windows Server  2008 Standard. The functional level of the domain is Windows Server 2003. You have a  certification authority （CA）.   The relevant servers in the domain are configured as shown in the following table：     Server name  Operating system  Server role   Server1  Windows Server 2003  Enterprise root CA  Server2  Windows Server 2008  Enterprise subordinate CA  Server3  Windows Server 2008 R2  Web Server   You need to ensure that you can install the Active Directory Certificate Services （AD CS）  Certificate Enrollment Web Service on the network.     What should you do（）

• A、Upgrade Server1 to Windows Server 2008 R2.
• B、Upgrade Server2 to Windows Server 2008 R2.
• C、Raise the functional level of the domain to Windows Server 2008.
• D、Install the Windows Server 2008 R2 Active Directory Schema updates.