You need to ensure that the external users can request certificates by using the new template
You have a server named Server1 that has the following Active Directory Certificate Services (AD CS) role
services installed:
Enterprise root certification authority (CA)
Certificate Enrollment Web Service
Certificate Enrollment Policy Web Service
You create a new certificate template.
External users report that the new template is unavailable when they request a new certificate. You verify that
all other templates are available to the external users. You need to ensure that the external users can request
certificates by using the new template.
What should you do on Server1?
You need to ensure that a certificate issued by theCA is valid
Your network contains an enterprise root certification authority (CA).
You need to ensure that a certificate issued by theCA is valid.
What should you do?
You need to immediately prevent the employee from logging on to the domain
You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates.
Users are required to log on to the domain by usinga smart card. Your company’s corporate security policy
states that when an employee resigns, his ability to log on to the network must be immediately revoked. An
employee resigns.
You need to immediately prevent the employee from logging on to the domain.
What should you do?
You need to ensure that the new Online Responder resolves synchronization conflicts for all members ofthe Arra
You add an Online Responder to an Online Responder Array.
You need to ensure that the new Online Responder resolves synchronization conflicts for all members ofthe
Array.
What should you do?
You need to prevent the external partner from accessing the Web site
Your network contains a server that runs Windows Server 2008 R2. The server is configured as an enterprise
root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is configured to usea many-to-one mapping.
You revoke a certificate issued to an external partner. You need to prevent the external partner from accessing
the Web site.
What should you do?
You need to configure the contoso.com zone to resolve client queries for at least four days in the event that
Your company has a main office and five branch offices that are connected by WAN links. The company has an
Active Directory domain named contoso.com. Each branch office has a member server configured as a DNS
server. All branch office DNS servers host a secondary zone for contoso.com.
You need to configure the contoso.com zone to resolve client queries for at least four days in the event that a
WAN link fails.
What should you do?
What are two possible ways to achieve this goal?
Your company has an Active Directory domain named contoso.com. FS1 is a member server in contoso.com.
You add a second network interface card, NIC2, to FS1 and connect NIC2 to a subnet that contains computers
in a DNS domain named fabrikam.com. Fabrikam.com has a DHCP server and a DNS server.
Users in fabrikam.com are unable to resolve FS1 by using DNS.
You need to ensure that FS1 has an A record in the fabrikam.com DNS zone.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose
two.)
Which two actions should you perform?
Your company Datum Corporation, has a single ActiveDirectory domain named intranet.adatum.com. The
domain has two domain controllers that run Windows Server 2008 R2 operating system. The domain
controllers also run DNS servers.
The intranet.adatum.com DNS zone is configured as an Active Directory-integrated zone with the Dynamic
updates setting configured to Secure only.
A new corporate security policy requires that the intranet.adatum.com DNS zone must be updated only by
domain controllers or member servers.
You need to configure the intranet.adatum.com zone to meet the new security policy requirement.
Which two actions should you perform? (Each correctanswer presents part of the solution. Choose two.)
You need to configure the forest trust to meet the new security policy requirement
Your company has two Active Directory forests as shown in the following table.
The forests are connected by using a two-way foresttrust. Each trust direction is configured with forest-wide
authentication. The new security policy of the company prohibits users from the eng.fabrikam.com domain to
access resources in the contoso.com domain.
You need to configure the forest trust to meet the new security policy requirement.
What should you do?
You need to configure AD RMS so that users are ableto protect their documents
Your company has an Active Directory Rights Management Services (AD RMS) server. Users have Windows
Vista computers. An Active Directory domain is configured at the Windows Server 2003 functional level.
You need to configure AD RMS so that users are ableto protect their documents.
What should you do?