- Home
- Server Administration
- Windows
- Identity with Windows server 2016 (70-742)
41.
You are the network administrator for a large organization. You need to add a certificate
template to the Certificate Authority. What PowerShell command would you use?
- A.Get-CSTemplate
- B.Add-CSTemplate
- C.Add-CATemplate
- D.New-Template
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The Add-CATemplate command allows an administrator to add a certificate template to the CA. |
42.
Channel Fishing Company wants to configure a CA server in the DMZ to issue certificates
to remote users. How would you accomplish this? (Choose all that apply.)
- A.You should consider having the Certificate Enrollment Policy Web Server role included in the solution.
- B.You should consider having the online responder included in the solution.
- C.You should consider having the Network Device Enrollment Service included in the solution.
- D.You should consider having the web service included in the solution.
- E.You should consider having the Certificate Enrollment Web Service included in the solution.
- F.You should consider having the Web Enrollment service included in the solution.
- Answer & Explanation
- Report
Answer : [A, E]
Explanation :
Explanation :
| Certificate Enrollment Web Services with the Certificate Enrollment Policy Web Server role is the preferred Microsoft solution for issuing certificates through the internet. |
43.
The certificate revocation list (CRL) polling begins to consume bandwidth. What steps
should you consider to reduce network traffic?
- A.You should consider implementing the Certificate Enrollment Policy Web Server role and Certificate Enrollment Web Services role.
- B.You should consider implementing an online responder.
- C.You should consider implementing an online issuing CA and a root CA.
- D.You should consider publishing more CRLs.
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| The online responder uses a lightweight HTTP protocol that responds faster and more efficiently than downloading a traditional CRL. |
44.
ABC Industries wants configuration modifications of the Certification Authority role
service to be logged. How would you implement this? (Choose all that apply.)
- A.You should consider enabling auditing of system events.
- B.You should consider enabling logging.
- C.You should consider enabling auditing of object access.
- D.You should consider enabling auditing of privilege use.
- E.You should consider enabling auditing of process tracking.
- Answer & Explanation
- Report
Answer : [B, C]
Explanation :
Explanation :
| To enable auditing, you must check the boxes for Success Audits and Failure Audits on the Events tab of the Federation Service Properties dialog box. You must also enable Object Access Auditing in Local Policy or Group Policy. |
45.
You are the network administrator for an Active Directory forest named WillPanek.com.
The forest contains a single domain. The domain contains a single Windows Server 2016
server named Server1. An administrator named John Smith plans to set up Server1 as
a stand-alone certification authority (CA). You need John Smith to set up Server1 as a
stand-alone CA. What group does John Smith need to be part of to configure Server1 as
a stand-alone CA?
- A.Administrators group on Server1
- B.Domain Admins group in WillPanek.com
- C.Cert Publishers group on Server1
- D.Key Admins group in WillPanek.com
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| To configure a server as a stand-alone CA server, you need to be an administrator on that server. |
|
|
||||||||||||||||||||||||||||
