Which permission should you assign on a CA to a group of users that you want to be able to respond to certificate requests but you do not want to provide them with the ability to change CA security settings?
Correct Answer:
B
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise root certification authority (CA) for contoso.com.
Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the local Administrators group on Server1.
You enable CA role separation on Server1.
You need to ensure that you can manage the certificates on the CA. What should you do?
Correct Answer:
D
The separation of CA roles can be enforced using role separation. Once enforced, role separation only allows a user to be assigned a single role. If a user is assigned to more than one role and attempts to perform an operation on the CA, the operation is denied. For this reason, before role separation is enabled, a user should be assigned only one CA role.
Reference: Role Separation
Your network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computers run Windows 8.1.
The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2.
You need to identify whether deleted objects can be recovered from the Active Directory Recycle Bin.
Which cmdlet should you use?
Correct Answer:
E
The Get-ADOptionalFeature cmdlet gets an optional feature or performs a search to retrieve multiple optional features from an Active Directory.
Example: Get a specified optional feature
This command gets the optional feature with the name Recycle Bin Feature. Windows PowerShell
PS C:\\> Get-ADOptionalFeature -Identity \'Recycle Bin Feature\'
Reference: Get-ADOptionalFeature
https://technet.microsoft.com/en-us/library/hh852212(v=wps.630).aspx
You are employed as a network administrator at consoto.com.
Contoso.com has in an Active Directory domain named contoso.com.
All Servers on the contoso.com network have Windows Server 2012 R2 installed.
A contoso.com server ,named Server1,hosts the Active Directory Certificate Services Server role and utilizes a hardware security module(HSM) to safeguard its private key.
You have beed instructed to backup the Active Directory Certificate Services (ADCS) database,log files,and private key regularly.
You should not use a utility supplied by the hardware security module (HSM) creator. Which of the following actions should you take?
Correct Answer:
B
\\A. ADCS needs to be backup up using certutil
\\B. -Backup, -backupdb, -backupKey: You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
\\C. ADCS needs to be backup up using certutil
\\D. ADCS needs to be backup up using certutil
http://technet.microsoft.com/library/cc732443.aspx http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backup http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupDB http://technet.microsoft.com/en-us/library/cc732443.aspx#BKMK_backupKey
http://blogs.technet.com/b/pki/archive/2010/04/20/disaster-recovery-procedures-for-theactive-directorycertificate-services-adcs.aspx
- (Exam Topic 4)
Your network contains an Active Directory domain. The domain contains Two Hyper –V host named Server1 and Server2 that run Windows Server 2012 R2.
Live migration is configured on Server1 and Server2.
You sign to Server1, and then you create a virtual machine named VM1 on Server1. You more VM1 to Server 2 by using live migration.
You need to use live migration to more VM1 back to Server1. You must perform the move from Server1. What should you do first?
Correct Answer:
C
