单项选择题
Your company has an Active Directory domain.
You install an Enterprise Root certification authority (CA) on a member server named Server1. You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1.
What should you do()
A.Remove the Request Certificates permission from the Domain Users group.
B.Remove the Request Certificates permission from the Authenticated Users group.
C.Assign the Allow - Manage CA permission to only the Security Manager user account.
D.Assign the Allow - Issue and Manage Certificates permission to only the Security Manager user account.
相关考题
-
多项选择题
Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform()
A.Configure auditing in the Certification Authority snap-in.
B.Enable auditing of successful and failed attempts to change permissions on files in the %SYSTEM32%\CertSrv dire
C.Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%\CertLog directory.
D.Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate Services -
单项选择题
You have a Windows Server 2008 R2 Enterprise Root CA . Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA . You need to allow users to request certificates from a Web interface. You install the Active Directory Certificate Services (AD CS) server role. What should you do next()
A.Configure the Online Responder Role Service on a member server.
B.Configure the Online Responder Role Service on a domain controller.
C.Configure the Certificate Enrollment Web Service role service on a member server.
D.Configure the Certificate Enrollment Web Service role service on a domain controller. -
单项选择题
You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role installed. You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL). What should you do()
A.Install and configure an Online Responder.
B.Install and configure an additional domain controller.
C.Import the Root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.Import the Issuing CA certificate into the Trusted Root Certification Authorities store on all client workstations.
