单选题You add an Online Responder to an Online Responder Array. You need to ensure that the new  Online Responder resolves synchronization conflicts for all members of the Array.     What should you do（）A From Network Load Balancing Manager， set the priority

第1题：

Your company has an Active Directory domain. AlI servers run Windows Server 2008. Your company uses an Enterprise Root certificate authority （CA）. You need to ensure that revoked certificate information is highly available. What should you do（）

• A、Implement an Online Certificate Status Protocol （OCSP） responder by using Network Load Balancing.
• B、Implement an Online Certificate Status Protocol （OCSP） responder by using an Internet Security and Acceleration Server array.
• C、Publish the trusted certificate authorities list to the domain by using a Group Policy Object （GPO）.
• D、Create a new Group Policy Object （GPO） that allows users to trust peer certificates. Link the GPO to the domain.

第2题：

Your network is configured as shown in the following diagram.You deploy an enterprise certification authority （CA） on the internal network. You also deploy a Microsoft   Online Responder on the internal network.   You need to recommend a secure method for Internet users to verify the validity of individual certificates.   The solution must minimize network bandwidth. What should you recommend？（）

• A、Deploy a subordinate CA on the perimeter network.
• B、Install a stand-alone CA and the Network Device Enrollment Service （NDES） on a server on the perimeter network.
• C、Install a Network Policy Server （NPS） on a server on the perimeter network. Redirect authentication  requests to a server on the internal network.
• D、Install Microsoft Internet Information Services （IIS） on a server on the perimeter network. Configure IIS  to redirect requests to the Online Responder on the internal network.

第3题：

You add an Online Responder to an Online Responder Array. You need to ensure that the new  Online Responder resolves synchronization conflicts for all members of the Array.     What should you do（）

• A、From Network Load Balancing Manager， set the priority ID of the new Online Responder to 1.
• B、From Network Load Balancing Manager， set the priority ID of the new Online Responder to 32.
• C、From the Online Responder Management Console， select the new Online Responder， and then select Set as Array
• D、From the Online Responder Management Console， select the new Online Responder， and then select Synchronize

第4题：

You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.   Server1 is configured as an enterprise root certification authority （CA）.    You install the Online Responder role service on Server2.    You need to configure Server1 to support the Online Responder. What should you do（）

• A、Import the enterprise root CA certificate.
• B、Configure the Certificate Revocation List Distribution Point extension.
• C、Configure the Authority Information Access （AIA） extension.
• D、Add the Server2 computer account to the CertPublishers group.

第5题：

You have a Windows Server 2008 R2 Enterprise Root CA . Security policy prevents port 443 and  port 80 from being opened on domain controllers and on the issuing CA .   You need to allow users to request certificates from a Web interface. You install the Active  Directory Certificate Services （AD CS） server role.     What should you do next（）

• A、Configure the Online Responder Role Service on a member server.
• B、Configure the Online Responder Role Service on a domain controller.
• C、Configure the Certificate Enrollment Web Service role service on a member server.
• D、Configure the Certificate Enrollment Web Service role service on a domain controller.

第6题：

You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain.   You administer a Network Load Balancing cluster that consists of three nodes. Each node runs Windows Server 2003 and contains a single network adapter. The Network Load Balancing cluster can run only in unicast mode. The Network Load Balancing cluster has converged successfully.   To increase the utilization of the cluster， you decide to move a particular application to each node of the cluster. For this application to run， you must add a Network Load Balancing port rule to the nodes of the cluster.   You start Network Load Balancing Manager on the second node of the cluster. However， Network Load Balancing Manager displays a message that it cannot communicate with the other two nodes of the cluster.  You want to add the port rule to the nodes of the cluster.   What should you do？  （）

• A、 Use Network Load Balancing Manager on the Network Load Balancing default host to add the port rule.
• B、 Change the host priority of the second node to be the highest in the cluster， and then use Network Load Balancing Manager to add the port rule.
• C、 Run the nlb.exe drain command on each node， and then use Network Load Balancing Manager to add the port rule.
• D、 Add the port rule through Network Connections Properties on each node.

第7题：

Certkiller.com runs Window Server 2008 on all of its servers. It has a single Active Directory domain and it uses Enterprise Certificate Authority. The security policy at Certkiller .com makes it necessary to examine revoked certificate information.  You need to make sure that the revoked certificate information is available at all times. What should you do to achieve that（）

• A、Add and configure a new GPO （Group Policy Object） that enables users to accept peer certificates and link the GPO to the domain.
• B、Configure and use a GPO to publish a list of trusted certificate authorities to the domain
• C、Configure and publish an OCSP （Online certificate status protocol） responder through ISAS （Internet Security and Acceleration Server） array.
• D、Use network load balancing and publish an OCSP responder.
• E、None of the above

第8题：

You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server  role installed.   You need to minimize the amount of time it takes for client computers to download a certificate  revocation list （CRL）.     What should you do（）

• A、Install and configure an Online Responder.
• B、Install and configure an additional domain controller.
• C、Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
• D、Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.

第9题：

You have two Exchange Server 2010 servers that have the Client Access， Hub Transport， and Mailbox server roles installed.The servers are members of a database availability group （DAG）.You need to ensure that all users can access the Client Access server if a single server or service fails.What should you do？（）

• A、from DNS manager， create two new records for the Client Access servers.
• B、from Failover Cluster Manager， create a new service named Client Access Server and assign a new IP address.
• C、Install the Network Load Balancing feature on each server and assign a second IP address to each network adapter.
• D、Deploy a hardware load balancer.Create a DNS record for the virtual IP address and configure a Client Access server array.

第10题：

ou have a Windows Server 2008 Enterprise Root CA. Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA. You need to allow users to request certificates from a Web interface. You install the AD CS role. What should you do next（）

• A、Configure the Online Responder Role Service on a member server.
• B、Configure the Online Responder Role Service on a domain controller.
• C、Configure the Certification Authority Web Enrollment Role Service on a member server.
• D、Configure the Certification Authority Web Enrollment Role Service on a domain controller.