Which commandshould you run on Computer1?
Your network contains an Active Directory domain.
You have a servernamed Server1that runs Windows Server 2008 R2.
Server1is an enterprise root certification authority (CA).
You have a clientcomputer named Computer1that runs Windows 7.
You enable automatic certificate enrollment for all client computers that run Windows 7.
You need to verify that the Windows 7 client computers can automatically enroll for certificates.
Which commandshould you run on Computer1?
What should you configure in the adatum.com domain?
Your network contains two Active Directory forestsnamed contoso.comand adatum.com.
The functional level of both forests is Windows Server 2008 R2.
Each forest contains one domain.
Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow users
from both forests to automatically enroll user certificates.
You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.
com certification authority (CA).
What should you configure in the adatum.com domain?
You need to ensure that the external users can request certificates by using the new template
You have a servernamed Server1that has the following Active Directory Certificate Services (AD CS) role
services installed:
Enterprise root certification authority (CA)
Certificate Enrollment Web Service
Certificate Enrollment Policy Web Service
You create a new certificate template.
External usersreport that the new template is unavailable when they request anew certificate.
You verify that all other templates are available to the external users.
You need to ensure that the external users can request certificates by using the new template.
What should you do on Server1?
You need to ensure that a certificate issued by the CA is valid
Your network contains an enterprise root certification authority(CA).
You need to ensure that a certificate issued by the CA is valid.
What should you do?
What should you do?
You have an enterprise subordinate certification authority (CA).
The CA issues smart card logon certificates.
Usersare required to log on to the domain by using a smart card.
Your company’s corporate security policystates that when an employee resigns, his ability to log on to
the network must be immediately revoked.
An employee resigns.
Youneed to immediately prevent the employee from logging on to the domain.
What should you do?
You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Arr
You addan Online Responderto an Online Responder Array.
You need to ensure that the new Online Responder resolves synchronization conflicts for all members
of the Array.
What should you do?
You need to prevent the external partner from accessingthe Web site
Your network contains a serverthat runs Windows Server 2008 R2.
The server is configuredas an enterprise root certification authority (CA).
You have a Web sitethat usesx.509 certificates for authentication.
The Web siteis configuredto use a many-to-one mapping.
You revoke a certificate issued to an external partner.
You need to prevent the external partner from accessingthe Web site.
What should you do?
You need to configure the contoso.com zone to resolve client queries for at least four days in the event that
Your company has a main officeand five branch officesthat are connected by WAN links.
The company has an Active Directory domainnamed contoso.com.
Each branch officehas a member serverconfigured as a DNS server.
All branch office DNS servers host a secondary zonefor contoso.com.
You need to configure the contoso.com zone to resolve client queries for at least four days in the event
that a WAN link fails.
What should you do?
What are two possible waysto achieve this goal?
Your company has an Active Directory domainnamed contoso.com.
FS1is a member serverin contoso.com.
You add a second network interface card, NIC2, to FS1and connect NIC2to a subnetthat contains
computers in a DNS domainnamed fabrikam.com.
Fabrikam.comhas a DHCP serverand aDNS server.
Users in fabrikam.comare unable to resolve FS1 by using DNS.
You need to ensure that FS1 has an A record in the fabrikam.com DNS zone.
What are two possible waysto achieve this goal?
(Each correct answer presents a complete solution. Choose two.)
Which two actionsshould you perform?
Your company Datum Corporation, has a single Active Directory domainnamed intranet.adatum.com.
The domain has two domain controllersthat run Windows Server 2008 R2operating system.
The domain controllersalso run DNS servers.
The intranet.adatum.com DNS zoneis configured as an Active Directory-integrated zonewith the
Dynamic updates setting configured to Secure only.
A new corporate security policy requiresthat the intranet.adatum.com DNS zone must be updated only
by domain controllers or member servers.
You need to configure the intranet.adatum.com zone to meet the new security policy requirement.
Which two actionsshould you perform?
(Each correct answer presents part of the solution. Choose two.)