单选题You have an enterprise subordinate certification authority (CA) configured for key archival. Three key  recovery agent certificates are issued.   The CA is configured to use two recovery agents.   You need to ensure that all of the recovery agent certi

题目
单选题
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key  recovery agent certificates are issued.   The CA is configured to use two recovery agents.   You need to ensure that all of the recovery agent certificates can be used to recover all new private keys.   What should you do()
A

Add a data recovery agent to the Default Domain Policy.

B

Modify the value in the Number of recovery agents to use box.

C

Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.

D

Assign the Issue and Manage Certificates permission to users who have the key recovery agent  certificates.

相似考题

1. Your company has an Active Directory domain. You have a two-tier PKI infrastructure that  contains an offline root CA and an online issuing CA. The Enterprise certification authority is  running Windows Server 2008 R2.   You need to ensure users are able to enroll new certificates.     What should you do()A、Renew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing CB、Renew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in thC、Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.D、Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.

2. Your network contains an Active Directory forest. The forest contains two domains. You have a  standalone root certification authority (CA).     On a server in the child domain, you run the Add Roles Wizard and discover that the option to  select an enterprise CA is disabled.     You need to install an enterprise subordinate CA on the server.     What should you use to log on to the new server()A、an account that is a member of the Certificate Publishers group in the child domainB、an account that is a member of the Certificate Publishers group in the forest root domainC、an account that is a member of the Schema Admins group in the forest root domainD、an account that is a member of the Enterprise Admins group in the forest root domain

3.Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do()A、Archive the private key on the server.B、Apply the Hisecdc security template to the domain controllers.C、Configure the certificate for automatic enrollment for the computers that store encrypted files.D、Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.

4.You need to design a PKI for Litware, Inc. What should you do?()A、Add one offline stand-alone root certificate authority(CA).Add two online enterprise subordinate CAsB、Add one online stand-alone root certification authority(CA).Add two online enterprise subordinate CAsC、Add one online enterprise root certification authority CA).Add one offline enterprise subordinate CAD、Add one online enterprise root certification authority(CA).Add two online enterprise subordinate CAs

更多“单选题You have an enterprise subordinate certification authority (CA) configured for key archival. Three key  recovery agent certificates are issued.   The CA is configured to use two recovery agents.   You need to ensure that all of the recovery agent certi”相关问题

  • 第1题:

    You have an enterprise subordinate certification authority (CA) configured for key archival. Three key  recovery agent certificates are issued.   The CA is configured to use two recovery agents.   You need to ensure that all of the recovery agent certificates can be used to recover all new private keys.   What should you do()

    • A、Add a data recovery agent to the Default Domain Policy.
    • B、Modify the value in the Number of recovery agents to use box.
    • C、Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.
    • D、Assign the Issue and Manage Certificates permission to users who have the key recovery agent  certificates.

    正确答案:B

  • 第2题:

    Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA). You perform a complete backup of Server1 that includes the system state. Server1 fails. You install a new server named Server1. You need to recover the enterprise root CA. What should you do? ()

    • A、Restore the system state backup.
    • B、Restore the %systemroot%/system32/certsrv folder.
    • C、From the Certificates snap-in, import the enterprise root CA certificate.
    • D、From the Certificates snap-in, import the enterprise root CA certificate revocation list (CRL).

    正确答案:A

  • 第3题:

    You have an enterprise subordinate certification authority (CA).   You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for  autoenrollment.   You increase the template key length to 2,048 bits.   You need to ensure that all current certificate holders automatically enroll for a certificate that uses the  new template.   Which console should you use()

    • A、Active Directory Administrative Center
    • B、Certification Authority
    • C、Certificate Templates
    • D、Group Policy Management

    正确答案:C

  • 第4题:

    You have a computer that runs Windows 7. You create an Encrypting File System (EFS) recovery key andcertificate. You need to ensure that your user account can decrypt all EFS files on the  computer.  Whatshould you do?( )

    • A、From Credential Manager, add a Windows credential.
    • B、From Credential Manager, add a certificate-based credential.
    • C、From the local computer policy, add a data recovery agent.
    • D、From the local computer policy, modify the Restore files and directories setting.

    正确答案:C

  • 第5题:

    You have a computer named Computer1 that runs Windows XP Professional. Computer1 is a member of a workgroup. You need to prevent all users from encrypting files on Computer1. What should you do?() 

    • A、For all files, deny the Take ownership permission to the Everyone group. 
    • B、From the Local Security Policy, modify the Encrypting File System (EFS) properties.
    • C、From the Certificates snap-in, delete the recovery agent certificate. 
    • D、From the Certificates snap-in, delete all trusted root certification authority (CA) certificates. 

    正确答案:B

  • 第6题:

    You need to design Group Policy object (GPO) settings to support the use of the Encrypting File System (EFS). Your solution must meet business and security requirements. Which two actions should you perform?()

    • A、Designate a data recovery agent and issue an EFS certificate to the data recovery agent. Export the private key and restrict access to the exported key
    • B、Make the data recovery agent a local administrator on all client computers
    • C、Remove the default data recovery agent from the Default Domain Policy GPO. Then, include the new data recovery agent instead
    • D、Delete the Default Domain Policy GPO. Configure a new GPO linked to the domain that does not specify a data recovery agent

    正确答案:A,C

  • 第7题:

    单选题
    You have a computer named Computer1 that runs Windows XP Professional. Computer1 is a member of a workgroup. You need to prevent all users from encrypting files on Computer1. What should you do?()
    A

    For all files, deny the Take ownership permission to the Everyone group. 

    B

    From the Local Security Policy, modify the Encrypting File System (EFS) properties.

    C

    From the Certificates snap-in, delete the recovery agent certificate. 

    D

    From the Certificates snap-in, delete all trusted root certification authority (CA) certificates. 


    正确答案: D
    解析: 暂无解析

  • 第8题:

    单选题
    Your network consists of a single Active Directory domain. All servers run Windows Server 2003 Service Pack 2 (SP2). You have a server named Server1. Server1 is configured as an enterprise root certification authority (CA). You perform a complete backup of Server1 that includes the system state. Server1 fails. You install a new server named Server1. You need to recover the enterprise root CA. What should you do? ()
    A

    Restore the system state backup.

    B

    Restore the %systemroot%/system32/certsrv folder.

    C

    From the Certificates snap-in, import the enterprise root CA certificate.

    D

    From the Certificates snap-in, import the enterprise root CA certificate revocation list (CRL)


    正确答案: B
    解析: 暂无解析

  • 第9题:

    单选题
    You have an enterprise subordinate certification authority (CA).  The CA is configured to use a hardware security module.   You need to back up Active Directory Certificate Services on the CA.   Which command should you run()
    A

    certutil.exe backup

    B

    certutil.exe backupdb

    C

    certutil.exe backupkey

    D

    certutil.exe store


    正确答案: A
    解析: 暂无解析

  • 第10题:

    单选题
    Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do()
    A

    Archive the private key on the server.

    B

    Apply the Hisecdc security template to the domain controllers.

    C

    Configure the certificate for automatic enrollment for the computers that store encrypted files.

    D

    Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.


    正确答案: C
    解析: 暂无解析

  • 第11题:

    单选题
    You have a computer that runs Windows 7. You create an Encrypting File System (EFS) recovery key andcertificate. You need to ensure that your user account can decrypt all EFS files on the  computer.  Whatshould you do?( )
    A

    From Credential Manager, add a Windows credential.

    B

    From Credential Manager, add a certificate-based credential.

    C

    From the local computer policy, add a data recovery agent.

    D

    From the local computer policy, modify the Restore files and directories setting.


    正确答案: B
    解析: 暂无解析

  • 第12题:

    单选题
    Your company has an Active Directory domain. You have a two-tier PKI infrastructure that  contains an offline root CA and an online issuing CA. The Enterprise certification authority is  running Windows Server 2008 R2.   You need to ensure users are able to enroll new certificates.     What should you do()
    A

    Renew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing C

    B

    Renew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in th

    C

    Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.

    D

    Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.


    正确答案: A
    解析: 暂无解析

  • 第13题:

    You have an enterprise subordinate certification authority (CA).  The CA is configured to use a hardware security module.   You need to back up Active Directory Certificate Services on the CA.   Which command should you run()

    • A、certutil.exe backup
    • B、certutil.exe backupdb
    • C、certutil.exe backupkey
    • D、certutil.exe store

    正确答案:B

  • 第14题:

    You have an enterprise subordinate certification authority (CA). You have a group named  Group1.     You need to allow members of Group1 to publish new certificate revocation lists. Members of  Group1 must not be allowed to revoke certificates.     What should you do()

    • A、Add Group1 to the local Administrators group.
    • B、Add Group1 to the Certificate Publishers group.
    • C、Assign the Manage CA permission to Group1.
    • D、Assign the Issue and Manage Certificates permission to Group1.

    正确答案:C

  • 第15题:

    You have a Windows Server 2008 R2 Enterprise Root certification authority (CA). You need to  grant members of the Account Operators group the ability to only manage Basic EFS certificates.     You grant the Account Operators group the Issue and Manage Certificates permission on the CA .   Which three tasks should you perform next()

    • A、Enable the Restrict Enrollment Agents option on the CA .
    • B、Enable the Restrict Certificate Managers option on the CA .
    • C、Add the Basic EFS certificate template for the Account Operators group.
    • D、Grant the Account Operators group the Manage CA permission on the CA .
    • E、Remove all unnecessary certificate templates that are assigned to the Account Operators group.

    正确答案:B,C,E

  • 第16题:

    You have an enterprise subordinate certification authority (CA). You have a custom Version 3  certificate template.     Users can enroll for certificates based on the custom certificate template by using the Certificates  console.     The certificate template is unavailable for Web enrollment. You need to ensure that the certificate  template is available on the Web enrollment pages.     What should you do()

    • A、Run certutil.exe -pulse.
    • B、Run certutil.exe -installcert.
    • C、Change the certificate template to a Version 2 certificate template.
    • D、On the certificate template, assign the Autoenroll permission to the users.

    正确答案:C

  • 第17题:

    You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain.   Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers  running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA.   You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort.   What should you do?  ()

    • A、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll users for certificates.
    • B、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll computers for certificates.
    • C、 Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.
    • D、 Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates.

    正确答案:C

  • 第18题:

    单选题
    You have an enterprise root certification authority (CA) that runs Windows Server 2008 R2.     You need to ensure that you can recover the private key of a certificate issued to a Web server.     What should you do()
    A

    From the ca, run the Get-PfxCertificate cmdlet.

    B

    From the Web server, run the Get-PfxCertificate cmdlet.

    C

    From the ca, run the certutil.exe tool and specify the -exportpfx parameter.

    D

    From the Web server, run the certutil.exe tool and specify the -exportpfx parameter.


    正确答案: B
    解析: 暂无解析

  • 第19题:

    单选题
    You need to design a PKI for Litware, Inc. What should you do?()
    A

    Add one offline stand-alone root certificate authority(CA).Add two online enterprise subordinate CAs

    B

    Add one online stand-alone root certification authority(CA).Add two online enterprise subordinate CAs

    C

    Add one online enterprise root certification authority CA).Add one offline enterprise subordinate CA

    D

    Add one online enterprise root certification authority(CA).Add two online enterprise subordinate CAs


    正确答案: C
    解析: 暂无解析

  • 第20题:

    单选题
    You have an enterprise subordinate certification authority (CA) configured for key archival. Three  key recovery agent certificates are issued.  The CA is configured to use two recovery agents.     You need to ensure that all of the recovery agent certificates can be used to recover all new  private keys.     What should you do()
    A

    Add a data recovery agent to the Default Domain Policy.

    B

    Modify the value in the Number of recovery agents to use box.

    C

    Revoke the current key recovery agent certificates and issue three new key recovery agent certificates.

    D

    Assign the Issue and Manage Certificates permission to users who have the key recovery agent certificates.


    正确答案: B
    解析: 暂无解析

  • 第21题:

    单选题
    You have an enterprise subordinate certification authority (CA).   You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for  autoenrollment.   You increase the template key length to 2,048 bits.   You need to ensure that all current certificate holders automatically enroll for a certificate that uses the  new template.   Which console should you use()
    A

    Active Directory Administrative Center

    B

    Certification Authority

    C

    Certificate Templates

    D

    Group Policy Management


    正确答案: C
    解析: 暂无解析

  • 第22题:

    单选题
    You have an enterprise subordinate certification authority (CA). You have a custom Version 3 certificate template.  Users can enroll for certificates based on the custom certificate template by using the Certificates console. The certificate template is unavailable for Web enrollment. You need to ensure that the certificate template is available on the Web enrollment pages. What should you do()
    A

    Run certutil.exe pulse.

    B

    Run certutil.exe installcert.

    C

    Change the certificate template to a Version 2 certificate template.

    D

    On the certificate template, assign the Autoenroll permission to the users.


    正确答案: A
    解析: 暂无解析

  • 第23题:

    单选题
    You have an enterprise subordinate certification authority (CA).   You have a group named Group1.   You need to allow members of Group1 to publish new certificate revocation lists. Members of Group1  must not be allowed to revoke certificates.   What should you do()
    A

    Add Group1 to the local Administrators group.

    B

    Add Group1 to the Certificate Publishers group.

    C

    Assign the Manage CA permission to Group1.

    D

    Assign the Issue and Manage Certificates permission to Group1.


    正确答案: A
    解析: 暂无解析

  • 第24题:

    单选题
    You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain.   Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers  running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA.   You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort.   What should you do?  ()
    A

     Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll users for certificates.

    B

     Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll computers for certificates.

    C

     Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.

    D

     Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates.


    正确答案: B
    解析: 暂无解析

相关内容