单项选择题

You are a network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional client computers. All computers are members of the same Active Directory forest. The company uses a public key infrastructure (PKI) enabled application to manage marketing data. Certificates used with this application are managed by the application administrators. You install Certificate Services to create an offline stand-alone root certification authority (CA) on one Windows Server 2003 computer. You configure a second Windows Server 2003 computer as a stand-alone subordinate CA. You instruct users in the marketing department to enroll for certificates by using the Web enrollment tool on the stand-alone subordinate CA. Some users report that when they attempt to complete the enrollment process, they receive an error message on their certificate, as shown in the exhibit. (Click the Exhibit button.) Other users in the marketing department do not report receiving the error. You need to ensure that users in the marketing department do not continue to receive this error message. You also need to ensure that only users in the marketing department trust certificates issued by this CA. You create a new organizational unit (OU) named Marketing.
 What else should you do?()

 

A. Place all marketing department computer objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. Publish the root CA’s root certificate in the Trusted Root Certification Authorities section of the GPO.
B. Place all marketing department user objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. In the User Configuration section of the GPO, configure a certificate trust list (CTL) that contains the subordinate CA’s certificate.
C. Place all marketing department computer objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. In the Computer Configuration section of the GPO, configure a certificate trust list (CTL) that contains the subordinate CA’s certificate.
D. Place all marketing department user objects in the Marketing OU. Create a new Group Policy object (GPO) and link it to the Marketing OU. In the User Configuration section of the GPO, configure a certificate trust list (CTL) that contains the root CA’s certificate.

<没有了 目录 下一题>
热门 试题

单项选择题
You are a network administrator for your company. The network consists of two Active Directory domains. You are responsible for administering one domain, which contains users who work in the sales department. User objects for the users in the sales department are stored in an organizational unit (OU) named Sales in your domain.   Users in the sales department use a public key infrastructure (PKI) enabled application that requires users to present client authentication certificates before they are granted access. You install Certificate Services on two member servers  running Windows Server 2003. You configure one server as an enterprise subordinate certification authority (CA) and the other server as a stand-alone root CA.   You need to issue certificates that support client authentication to sales users only. You need to achieve this goal by using the minimum amount of administrative effort.   What should you do?  ()

A. Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll users for certificates.
B. Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Configure the Default Domain Policy Group Policy object (GPO) to autoenroll computers for certificates.
C. Create a duplicate of the User certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales users for certificates.
D. Create a duplicate of the Computer certificate template and configure it to support autoenrollment. Configure the enterprise subordinate CA to issue certificates based on the template. Create a new Group Policy object (GPO) and link it to the Sales OU. Configure the GPO to autoenroll sales client computers for certificates.
单项选择题
You are the network administrator for your company. The network consists of a single Active Directory domain. All computers on the network are members of the domain. All servers run Windows Server 2003 and all client computers run Windows XP Professional.  You are planning a security update infrastructure.   You need to find out which computers are exposed to known vulnerabilities. You need to collect the information on existing vulnerabilities for each computer every night. You want this process to occur automatically.  What should you do? ()

A. Schedule the secedit command to run every night.
B. Schedule the mbsacli.exe command to run every night.
C. Install Microsoft Baseline Security Analyzer (MBSA) on one of the servers. Configure Automatic Updates on all other computers to use that server.
D. Install Software Update Services (SUS) on one of the servers. Configure the SUS server to update every night.
相关试题