If a certificate authority trustpoint is not configured when

第1题：

You have an Active Directory domain that runs Windows Server 2008 R2. You need to implement  a certification authority （CA） server that meets the following requirements：     - Allows the certification authority to automatically issue certificates  - Integrates with Active Directory Domain Services     What should you do（）

• A、Install and configure the Active Directory Certificate Services server role as a Standalone Root CA .
• B、Install and configure the Active Directory Certificate Services server role as an Enterprise Root CA .
• C、Purchase a certificate from a third-party certification authority. Install and configure the Active Directory Certificate S
• D、Purchase a certificate from a third-party certification authority. Import the certificate into the computer store of the sc

第2题：

You are performing the initial setup of a new MAG Series device and have installed a valid CA- signed certificate on the MAG Series device. Connectivity to an existing SRX Series firewall enforcer cannot be obtained.What are two explanations for this behavior?（）

• A、The MAG Series device has multiple ports associated with the certificate.
• B、The MAG Series device's serial number needs to be configured on the SRX Series device.
• C、The SRX Series device must have a certificate signed by the same authority as the MAG Series device.
• D、The MAG Series device and SRX Series device are not synchronized to an NTP server.

第3题：

第4题：

Your network contains a Web server named Server1 that runs Windows Server 2003 and Internet Information Server (IIS). Server1 has a server certificate from an Enterprise Certificate Authority (CA) installed. External users report that when they try to access the Web site from outside the corporate network by using a Web browser, they receive the following warning message: There is a problem with this Web sites security certificate. The security certificate presented by this Web site was not issued by a trusted certificate authority. You find that users onthe corporate network do not receive this error. You need to ensure that external users do not receive the warning message when connecting to Server1.   What should you do?（）

• A、In IIS Manager， enable the Enable client certificate mapping option.
• B、In IIS Manager， replace the certificate with a certificate obtained from a public Certification Authority.
• C、In Local Security Policy， enable Domain Member： Require strong （Windows 2000 or later） session key.
• D、In Local Security Policy， enable Domain Member： Digitally encrypt or sign secure channel data （always）.

第5题：

Your company has an internal Web application that uses a self-signed SSL certificate.  The company has an internal certification authority （CA） with autoenrollment.When users attempt to start the Web application， Internet Explorer displays an error message that recommends closing the Web page rather than continuing to the application.    You need to ensure that Internet Explorer does not display the error message.   What should you do？（）

• A、Issue a certificate from the internal CA and install it on the application server
• B、Install the Web application’s certificate into the computer store on each client computer
• C、Install the Web application’s certificate into the personal store on each client computer. Add the application’s URL to the Trusted Sites zone in Internet Explorer
• D、Purchase a commercial certificate and install it on the internal CA

第6题：

If a certificate authority trustpoint is not configured when enabling HTTPS and the remote HTTPS server requires client authentication， connections to the secure HTTP client will fail. Which command must be enabled for correct operation？（）

• A、ip http client secure-ciphersuite 3des-ede-cbc-sha
• B、ip https max-connections 10
• C、ip http timeout-policy idle 30 life 120 requests 100
• D、ip http client secure-trustpoint trustpoint-name

第7题：

You have an enterprise subordinate certification authority （CA）.  The CA is configured to use a hardware security module.   You need to back up Active Directory Certificate Services on the CA.   Which command should you run（）

• A、certutil.exe backup
• B、certutil.exe backupdb
• C、certutil.exe backupkey
• D、certutil.exe store

第8题：

Which of the following is NOT related to a Public key infrastructure (PKI)?以下哪个概念与公钥基础设施（PKI）无关？（）

• A、A X.509 certificate（X.509证书）
• B、A Ticket Granting Service（票据授予服务）
• C、A Registration authority（注册机构）
• D、A Certificate authority（证书机构）

第9题：

Your network contains a stand-alone certification authority (CA) and a Web server. The Web server hosts a secure Web site. The Web site uses a server certificate that was issued from the CA. Users report that they receive a certificate warning message when they connect to the Web site. You need to prevent users from receiving the certificate warning message when they connect to the Web site. What should you do from the Internet Options in Internet Explorer?（） 

• A、Import the CA certificate to the trusted root CA certificate store. 
• B、Import the server authentication certificate to the trusted publishers certificate store.
• C、Clear the Check for publisher's certificate revocation check box. 
• D、Clear the Require server verification (https:) for all sites in this zone check box for the Trusted sites zone.

第10题：

You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.   Server1 is configured as an enterprise root certification authority （CA）.    You install the Online Responder role service on Server2.    You need to configure Server1 to support the Online Responder. What should you do（）

• A、Import the enterprise root CA certificate.
• B、Configure the Certificate Revocation List Distribution Point extension.
• C、Configure the Authority Information Access （AIA） extension.
• D、Add the Server2 computer account to the CertPublishers group.