Your network contains an enterprise certification authority (CA) that runs Windows Server
2008 R2 Enterprise.
You need to ensure that users can enroll for certificates that use the IPSEC (Offline request)
certificate template

Which snap-in should you use?

Your network contains an enterprise certification authority (CA) that runs Windows Server
2008 R2 Enterprise.
You need to ensure that all of the members of a group named Group1 can view the event
log entries for Certificate Services.
Which snap-in should you use?

Your network contains an enterprise certification authority (CA) that runs Windows Server
2008 R2 Enterprise.
You enable key archival on the C

Your company, Contoso, Ltd., has a main office and a branch office. The offices are
connected by a WAN link.Contoso has an Active Directory forest that contains a single
domain named ad.contoso.com.
The ad.contoso.com domain contains one domain controller named DC1 that is located in
the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This
zone is configured as a standard primary zone.
You install a new domain controller named DC2 in the branch office. You install DNS on
DC2.
You need to ensure that the DNS service can update records and resolve DNS queries in
the event that aWAN link fails.
What should you do?

Your network contains an Active Directory domain named contoso.com. Contoso.com
contains a member server that runs Windows Server 2008 R2 Standard.
You need to create an enterprise subordinate certification authority (CA) that can issue
certificates based on version 3 certificate templates.
You must achieve this goal by using the minimum amount of administrative effort.
What should you do first?

You deploy an Active Directory Federation Services (AD FS) Federation Service Proxy on a
server namedServer1.
You need to configure the Windows Firewall on Server1 to allow external users to
authenticate by using AD FS.
Which protocol should you allow on Server1?

Your network contains an Active Directory domain named contoso.com.
The network has a branch office site that contains a read-only domain controller (RODC)
named RODC1.
RODC1 runs Windows Server 2008 R2.
A user logs on to a computer in the branch office site.
You discover that the user’s password is not stored on RODC1.
You need to ensure that the user’s password is stored on RODC1 when he logs on to a
branch office site computer.
What should you do?

Your network contains an Active Directory domain named contoso.com. The contoso.com
domain contains a domain controller named DC1.
You create an Active Directory-integrated GlobalNames zone. You add an alias (CNAME)
resource record named Server1 to the zone. The target host of the record is
server2.contoso.com.
When you ping Server1, you discover that the name fails to resolve. You are able to
successfully ping server2.contoso.com.
You need to ensure that you can resolve names by using the GlobalNames zone.
Which command should you run?

Your network contains an Active Directory forest named adatum.com.
You need to create an Active Directory Rights Management Services (AD RMS) licensingonly cluster.
What should you install before you create the AD RMS root cluster?

Your network contains an Active Directory forest named adatum.com.
All client computers used by the marketing department are in an organizational unit (OU)
named Marketing Computers. All user accounts for the marketing department are in an OU
named Marketing Users.

You purchase a new application.
You need to ensure that every user in the domain who logs on to a marketing department
computer can use the application. The application must only be available from the marketing
department computers.
What should you do?