单项选择题
You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory forest. The forest contains Windows Server 2003 servers and Windows XP Professional computers.
The forest consists of a forest root domain named contoso.com and two child domains named child1.contoso.com and child2.contoso.com. The child1.contoso.com domain contains a member server named Server1. You configure Server1 to be an enterprise certification authority (CA), and you configure a user certificate template. You enable the Publish certificate in Active Directory setting in the certificate template. You instruct users in both the child1.contoso.com and the child2.contoso.com domains to enroll for user certificates.
You discover that the certificates for user accounts in the child1.contoso.com domain are being published to Active Directory, but the certificates for user accounts in the child2.contoso.com domain are not.
You want certificates issued by Server1 to child2.contoso.com domain user accounts to be published in Active Directory.
What should you do? ()
A. Configure user certificate autoenrollment for all domain user accounts in the contoso.com domain.
B. Configure user certificate autoenrollment for all domain user accounts in the child2.contoso.com domain.
C. Add Server1 to the Cert Publishers group in the contoso.com domain.
D. Add Server1 to the Cert Publishers group in the child2.contoso.com domain.
相关考题
-
单项选择题
You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain. Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA. You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort. What should you do? ()
A. Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll users for certificates.
B. Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll computers for certificates.
C. Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.
D. Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates. -
单项选择题
You are the network administrator for your company. The network consists of a single Active Directory domain. The domain contains a Windows Server 2003 computer named Server1 that is located in an organizational unit (OU) named Servers. Server1 contains confidential data, and all network communications with Server1 must be encrypted by using IPSec. The default Client (Respond Only) IPSec policy is enabled in the Default Domain Policy Group Policy object (GPO). You create a new GPO and link it to the Servers OU. You configure the new GPO by creating and enabling a custom IPSec policy. You monitor and discover that network communications with Server1 are not being encrypted. You need to view all IPSec policies that are being applied to Server1. What should you do? ()
A. Use Local Security Policy to view the Security Options for Server1.
B. Use Resultant Set of Policy (RSoP) to run an RSoP logging mode query to view the IP Security Policies on Local Computer for Server1.
C. Use Resultant Set of Policy (RSoP) to run an RSoP planning mode query to view the Security Options for Server1.
D. Use IP Security Monitor to view the Active Policy for Server1.
E. Use IP Security Monitor to view the IKE Policies for Server1. -
多项选择题
You are the systems engineer for your company. The company has a main office in Los Angeles and two branch offices, one in Chicago and one in New York. The offices are connected to one another by dedicated T1 lines. Each office has its own local IT department and administrative staff. The company network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. All servers support firmware-based console redirection by means of the serial port. The server hardware does not support any other method of console redirection and cannot be upgraded to do so. The company is currently being reorganized. The IT departments from each branch office are being relocated to a new central data center in the Los Angeles office. Several servers from each branch office are also being relocated to the Los Angeles data center. Each branch office will retain 10 servers. A new written security policy includes the following requirements: • All servers must be remotely administered for all administrative tasks. • All servers must be administered from the Los Angeles office. • All remote administration connections must be authenticated and encrypted. Your current network configuration already adheres to the new written security policy for day-to-day server administration tasks performed on the servers. You need to plan a configuration for out-of-band management tasks for each office that meets the new security requirements. Which three actions should you take?()
A. Connect each server’s serial port to a terminal concentrator. Connect the terminal concentrator to the network.
B. Connect a second network adapter to each server. Connect the second network adapter in each server to a separate network switch. Connect the management port on the switch to a WAN port on the office router. Enable IPSec on the router.
C. Enable Routing and Remote Access on a server in each branch office, and configure it as an L2TP/IPSec VPN server. Configure a remote access policy to allow only authorized administrative staff to make a VPN connection.
D. On each server, enable the Telnet service with a startup parameter of Automatic. Configure Telnet on each server to use only NTLM authentication. Apply the Server (Request Security) IPSec policy to all servers.
E. On each server, enable Emergency Management Services console redirection and the Emergency Management Services Special Administration Console (SAC).
