Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your  company runs an Enterprise Root certification authority （CA）.     You need to ensure that only administrators can sign code.     Which two tasks should you perform

第1题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company uses an Enterprise Root certification authority （CA） and an Enterprise Intermediate CA.  The Enterprise Intermediate CA certificate expires.    You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do（）

• A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
• B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA  server.
• C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers  group policy object.
• D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy  object.

第2题：

Your company has an Active Directory forest that contains only Windows Server 2008 domain  controllers.     You need to prepare the Active Directory domain to install Windows Server 2008 R2 domain  controllers.     Which two tasks should you perform（）

• A、Run the adprep /forestprep command.
• B、Run the adprep /domainprep command.
• C、Raise the forest functional level to Windows Server 2008.
• D、Raise the domain functional level to Windows Server 2008.

第3题：

Your company has a single Active Directory forest that has six domains.All DNS servers in the forest run Windows Server 2008 R2.You need to ensure that all public DNS queries are channeled through a single-caching-only DNS server.Which two actions should you perform？（）

• A、Disable the root hints.
• B、Enable BIND secondaries.
• C、Configure a forwarder to the caching DNS server.
• D、Configure a GlobalNames host (A) record for the hostname of the caching DNS server.

第4题：

Your company has an Active Directory forest that contains only Windows Server 2003 domain controllers. You need to prepare the Active Directory domain to install Windows Server 2008 domain controllers. Which two tasks should you perform（）

• A、Run the adprep /forestprep command.
• B、Run the adprep /domainprep command.
• C、Raise the forest functional level to Windows Server 2008.
• D、Raise the domain functional level to Windows Server 2008.

第5题：

Your company has a single Active Directory forest that has six domains. All DNS servers in the forest run Windows Server 2008. You need to ensure that all public DNS quieries are channeled through a singlecahing- only DNS server. Which two actions should you perform？（） 

• A、Disable the root hints
• B、Enable BIND secondaries
• C、Configure a forwarder to the caching DNS server
• D、Configure a GlobalNames host （A） record for the hostname of the caching DNS server

第6题：

Your company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. All client computers run Windows 7. You manage client computers by using Microsoft System Center Configuration Manager 2007 R2. You are deploying Microsoft Enterprise Desktop Virtualization (MED-V) to support client virtualization requirements. You need to ensure that administrators can centrally store MED-V logging information and generate reports. Which two actions should you perform？（）

• A、Install and configure IIS on a member server.
• B、Configure a shared folder on a member server.
• C、Install and configure Microsoft SQL Server 2008 on a member server.
• D、Configure permissions for the shared folder on a member server.

第7题：

Your company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. All client computers run Windows 7. Your environment includes Microsoft Enterprise Desktop Virtualization (MED-V). You use MED-V to support temporary test environments. You need to ensure that the disk space used by obsolete Workspaces is automatically minimized. Which two actions should you perform?（）

• A、Configure the Workspace as revertible.
• B、Set an expiration date for the Workspace.
• C、Specify the number of image versions to keep.
• D、Configure automatic deletion of the Workspace.

第8题：

Your company has 10 servers that run Windows Server 2008 R2. The servers have Remote Desktop Protocol (RDP) enabled for server administration. RDP is configured to use default security settings. All administrators' computers run Windows 7. You need to ensure the RDP connections are as secure as possible. Which two actions should you perform？（）

• A、Set the security layer for each server to the RDP Security Layer.
• B、Configure the firewall on each server to block port 3389.
• C、Acquire user certificates from the internal certification authority.
• D、Configure each server to allow connections only to Remote Desktop client computers that use Network Level Authentication.

第9题：

Your company has a server that runs Windows Server 2008 R2. Active Directory Certificate Services  （AD CS） is configured as a standalone Certification Authority （CA） on the server. You need to audit changes to the CA configuration settings and the CA security settings. Which two tasks should you perform（）

• A、Configure auditing in the Certification Authority snap-in.
• B、 Enable  auditing  of  successful  and  failed  attempts  to  change  permissions  on  files  in  the %SYSTEM32%/CertSrv directory.
• C、Enable auditing of successful and failed attempts to write to files in the %SYSTEM32%/CertLog directory.
• D、Enable the Audit object access setting in the Local Security Policy for the Active Directory Certificate  Services （AD CS） server.

第10题：

第11题：

第12题：

Your company has an Active Directory domain. All servers run Windows Server 2008. Your company uses an ENterprise Root certification authority （CA） and an Enterprise Intermediate CA. The Enterprise intermediate CA certificate expires. You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain. What should you do（）

• A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
• B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
• C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group object.
• D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

第13题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2.  Your  company runs an Enterprise Root certification authority （CA）.   You need to ensure that only administrators can sign code. Which two task should you perform（）

• A、Publish the code signing template.
• B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and  allow only administrators to apply the policy.
• C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted  Publishers.
• D、Modify the security settings on the template to allow only administrators to request code signing  certificates.

第14题：

Your company has a single Active Directory directory service domain. All servers in your environment run Windows Server 2003. You have a stand-alone server that serves as a Stand-alone root certification authority （CA）. You need to ensure that a specific user can back up the CA and configure the audit parameters on the CA.  What should you do？（）

• A、 Assign the user account to the CA Admin role.
• B、 Add the user account to the local Administrators group.
• C、 Grant the user the Back up files and directories user right.
• D、 Grant the user the Manage auditing and security log user right.

第15题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your  company uses an Enterprise Root certification authority （CA） and an Enterprise Intermediate CA.     The Enterprise Intermediate CA certificate expires.     You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain.     What should you do（）

• A、Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
• B、Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
• C、Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy ob
• D、Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

第16题：

Your company has an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. All client computers run Windows 7. Your environment includes Microsoft Enterprise Desktop Virtualization (MED - V). You use M ED - V to support temporary test environments. You need to ensure that the disk space used by obsolete Workspaces is automatically minimized. Which two actions should you perform? （）

• A、Configure t he Workspace as revertible.
• B、Set an expiration date for the Workspace.
• C、Specify the number of image versions to keep.
• D、Configure automatic deletion of the Workspace.

第17题：

Your company has an Active Directory domain. All servers run Windows Server 2008. Your company runs an Enterprise Root certification authority （CA）. You need to ensure that only administrators can sign code. Which two tasks should you perform（）

• A、Publish the code signing template.
• B、Edit the local computer policy of the Enterprise Root CA to allow users to trust peer certificates and allow only administrators to apply the policy.
• C、Edit the local computer policy of the Enterprise Root CA to allow only administrators to manage Trusted Publishers.
• D、Modify the security settings on the template to allow only administrators to request code signing certificates.

第18题：

Your company has a single Active Directory forest that has six domains. All DNS servers in the forest run Windows Server 2008.You need to ensure that all public DNS queries are channeled through a single-caching-only DNS server. Which two actions should you perform？ （Each correct answer presents part of the solution.（）

• A、Disable the root hints.
• B、Enable BIND secondaries.
• C、Configure a forwarder to the caching DNS server.
• D、Configure a GlobalNames host （A）record for the hostname of the caching DNS server.

第19题：

Your company has an Active Directory domain. All servers run Windows Server 2008 R2.     Your company uses an Enterprise Root certificate authority （CA）. You need to ensure that  revoked certificate information is highly available.   What should you do（）

• A、Implement an Online Certificate Status Protocol （OCSP） responder by using Network Load Balancing.
• B、Implement an Online Certificate Status Protocol （OCSP） responder by using an Internet Security and Acceleration S
• C、Publish the trusted certificate authorities list to the domain by using a Group Policy Object （GPO）.
• D、Create a new Group Policy Object （GPO） that allows users to trust peer certificates. Link the GPO to the domain.

第20题：

Your network contains an Active Directory domain.     You have a server named Server1 that runs Windows Server 2008 R2. Server1 is an enterprise root certification authority （CA）.   You have a client computer named Computer1 that runs Windows 7. You enable automatic  certificate enrollment for all client computers that run Windows 7. You need to verify that the  Windows 7 client computers can automatically enroll for certificates.     Which command should you run on Computer1（）

• A、certreq.exe -retrieve
• B、certreq.exe -submit
• C、certutil.exe -getkey
• D、certutil.exe -pulse

第21题：

第22题：