Your company has an Active Directory domain. You install an Enterprise Root certification authority (CA) on a member server named Server1.

You need to ensure that only the Security Manager is authorized to revoke certificates that are supplied by Server1.

What should you do?

Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services (AD CS) is configured as a standalone Certification Authority (CA) on the server.

You need to audit changes to the CA configuration settings and the CA security settings.

Which two tasks should you perform? (Each correct answer presents part of the solution. Choose two.)

You have a Windows Server 2008 R2 Enterprise Root CA . Security policy prevents port 443 and port 80 from being opened on domain controllers and on the issuing CA

You need to allow users to request certificates from a Web interface. You install the Active Directory Certificate Services (AD CS) server role.

What should you do next?

You have a Windows Server 2008 R2 that has the Active Directory Certificate Services server role installed.

You need to minimize the amount of time it takes for client computers to download a certificate revocation list (CRL).

What should you do?

Your company has an Active Directory forest. You plan to install an Enterprise certification authority (CA) on a dedicated stand-alone server.
When you attempt to add the Active Directory Certificate Services (AD CS) server role, you find that the Enterprise CA option is not available.

You need to install the AD CS server role as an Enterprise CA.

What should you do first?

You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement a certification authority (CA) server that meets the following requirements:

* Allows the certification authority to automatically issue certificates
* Integrates with Active Directory Domain Services

What should you do?

Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a many-to-one mapping.
You revoke a certificate issued to an external partner.

You need to prevent the external partner from accessing the Web site.

What should you do?

You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates. Users are required to log on to the domain by using a smart card. Your company’s corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked. An employee resigns.

You need to immediately prevent the employee from logging on to the domain.

What should you do?

Your network contains an enterprise root certification authority (CA).

You need to ensure that a certificate issued by the CA is valid.

What should you do?

You have a server named Server1 that has the following Active Directory Certificate Services (AD CS) role services installed:

* Enterprise root certification authority (CA)
* Certificate Enrollment Web Service
* Certificate Enrollment Policy Web Service

You create a new certificate template. External users report that the new template is unavailable when they request a new certificate. You verify that all other templates are available to the external users.

You need to ensure that the external users can request certificates by using the new template.

What should you do on Server1?