Yournetwork contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root
certification authority (CA) for contoso.com.
You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the
Web Server (IIS) server role installed.
You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point
for the CA. The solution must ensure that CRLs are published automatically to Server2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
A.
Create an http:// CRL distribution point (CDP) entry.
No Majority: Disk Only
B.
Configure a CA exit module.
Node Majority
C.
Create a file:// CRL distribution point (CDP) entry.
Node and File Share Majority
D.
Configure a CA policy module.
Youcan specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf
will take precedence for certificate verifiers over the CDP’s specified in the CA policy module.
Note:
CRLDistributionPoint
Youcan specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This
section does not configure the CDP for the CA itself. After the CA has been installed you can
configure the CDP URLs that the CA will include in each certificate that it issues. The URLs specified
in this section of the CAPolicy.inf file are included in the root CA certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl
QUESTION 209
Yourcompany has a main office and a remote office. The remote office is used for disaster recovery.
The network contains an Active Directory domain named contoso.com. The domain contains
member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server
2012 R2.
Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote
office.
All servers have the Failover Clustering feature installed. The servers are configured as nodes in a
failover cluster named Cluster1. Storage is replicated between the main office and the remote site.
Youneed to ensure that Cluster1 is available if two nodes in the same office fail.
What are two possible quorum configurations that achieve the goal? (Each correct answer presents
a complete solution. Choose two.)
Node and Disk Majority
E.
Configure an enrollment agent.
D.
Configure a CA policy module.
Youcan specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf
will take precedence for certificate verifiers over the CDP’s specified in the CA policy module.
Note:
CRLDistributionPoint
Youcan specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This
section does not configure the CDP for the CA itself. After the CA has been installed you can
configure the CDP URLs that the CA will include in each certificate that it issues. The URLs specified
in this section of the CAPolicy.inf file are included in the root CA certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl
QUESTION 209
Yourcompany has a main office and a remote office. The remote office is used for disaster recovery.
The network contains an Active Directory domain named contoso.com. The domain contains
member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server
2012 R2.
Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote
office.
All servers have the Failover Clustering feature installed. The servers are configured as nodes in a
failover cluster named Cluster1. Storage is replicated between the main office and the remote site.
Youneed to ensure that Cluster1 is available if two nodes in the same office fail.
What are two possible quorum configurations that achieve the goal? (Each correct answer presents
a complete solution. Choose two.)
Node and Disk Majority
A.
Create an http:// CRL distribution point (CDP) entry.
No Majority: Disk Only
B.
Configure a CA exit module.
Node Majority
C.
Create a file:// CRL distribution point (CDP) entry.
Node and File Share Majority
D.
Configure a CA policy module.
Youcan specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf
will take precedence for certificate verifiers over the CDP’s specified in the CA policy module.
Note:
CRLDistributionPoint
Youcan specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This
section does not configure the CDP for the CA itself. After the CA has been installed you can
configure the CDP URLs that the CA will include in each certificate that it issues. The URLs specified
in this section of the CAPolicy.inf file are included in the root CA certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl
QUESTION 209
Yourcompany has a main office and a remote office. The remote office is used for disaster recovery.
The network contains an Active Directory domain named contoso.com. The domain contains
member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server
2012 R2.
Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote
office.
All servers have the Failover Clustering feature installed. The servers are configured as nodes in a
failover cluster named Cluster1. Storage is replicated between the main office and the remote site.
Youneed to ensure that Cluster1 is available if two nodes in the same office fail.
What are two possible quorum configurations that achieve the goal? (Each correct answer presents
a complete solution. Choose two.)
Node and Disk Majority
Explanation:
A)
Tospecify CRL distribution points in issued certificates
1. Open the Certification Authority snap-in.
2. In the console tree, click the name of the CA.
3. On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select
extension is set to CRL Distribution Point (CDP) .
4. Do one or more of the following. (The list of CRL distribution points is in the Specify
locations from which users can obtain a certificate revocation list (CRL) box.)
/ Toindicate that you want to use a URL as a CRL distribution point
Click the CRL distribution point, select the Include in the CDP extension of issued certificates check
box, and then click OK .
5. Click Yes to stop and restart Active Directory Certificate Services (AD CS).Depending on the quorum configuration option that you choose and your specific settings, the
cluster will be configured in one of the following quorum modes:
* (A) No majority (disk witness only)
* (B) Node majority (no witness)
* Node majority with witness (disk or file share) Configure and Manage the Quorum in a Windows Server 2012 R2 Failover Cluster
A. Create an http:// CRL distribution point (CDP) entry.
B. Configure a CA exit module.
C. Create a file:// CRL distribution point (CDP) entry.
D. Configure a CA policy module.
E. Configure an enrollment agent.
Answer: A,D
0
2
Sakibur, the answer should be A & C.
You cannot PUBLISH (write) to a HTTP CRL distri entry point.
So you also have to create a FILE CRL distri point.
You PUBLISH to the FILE CRL distri entry point.
The HTTP CRL distri point, points to the FILE CRL distri point file location.
1
0
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) for contoso.com. You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed.
You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA. The solution must ensure that CRLs are published automatically to Server2. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create an http:// CRL distribution point (CDP) entry.
B. Configure a CA exit module.
C. Create a file:// CRL distribution point (CDP) entry
D. Configure an enrollment agent.
E. Configure a CA policy module.
Answer: A,C
1
1
Your company has a main office and a remote office. The remote office is used for disaster recovery. The network contains an Active Directory domain named contoso.com. The domain contains member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2. Server1 and Server2 are located in the main office. Server3 and Server4 are located in the remote office. All servers have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Storage is replicated between the main office and the remote site.
You need to ensure that Cluster1 is available if two nodes in the same office fail.
What are two possible quorum configurations that achieve the goal? (Each correct answer presents a complete solution. Choose two.)
A. No Majority: Disk Only
B. Node Majority
C. Node and File Share Majority
D. Node and Disk Majority
Answer: C,D
1
0
Wrong sdqurria.
B and C.
Disk witness wouldn’t be accessible to both sites when connection is dropped.
Node Majority ensures Cluster still runs if 2 nodes are offline in one site.
0
1
Wrong fark70-412. Node majority will sustain only one node failure in this case. Possible solutions are A,C,D. We have no information about file share, but A is not recommended by MS itself. So it seems we should take C and D – sdquirra was correct.
https://technet.microsoft.com/en-us/library/cc731739(v=ws.11).aspx
https://www.aiotestking.com/microsoft/what-are-two-possible-quorum-configurations-that-achieve-the-goal/
1
0
Full question:
http://www.aiotestking.com/microsoft/which-two-actions-should-you-perform-815/
0
0