70-412 Multiple Choice – Flashcards
Unlock all answers in this set
Unlock answersquestion
What is used to transparently distribute traffic equally across multiple servers by using virtual IP addresses and a shared name?
answer
Network Load Balancing (NLB)
question
Which of the following would use NLB to provide fault tolerance?
answer
Websites
question
What is the maximum number of nodes that is supported in a Windows Server 2012 NLB cluster?
answer
32
question
What is used to detect the failure of cluster nodes?
answer
Heartbeats
question
When you add or remove a node from an NLB cluster, what must happen?
answer
Convergence
question
Which three types of parameters configure the NLB cluster?
answer
Cluster parameters Host parameters Port rules
question
What specifies how NLB directs traffic based on the port and protocol?
answer
Port rules
question
What determines how servers are balanced with NLB?
answer
affinity
question
Which mode allows an NLB cluster to use two MAC addresses for the NLB network adapter?
answer
Multicast mode
question
Which action blocks all new connections without terminating existing sessions?
answer
drainstop
question
Which type of clustering is used for back-end databases?
answer
failover cluster
question
What is the maximum number of nodes you can have on a single cluster?
answer
64
question
Which of the following can networks use in a Windows failover cluster? (Choose all that apply.)
answer
public-and-private private public
question
What port does heartbeats use?
answer
3343
question
Which of the following are SAN technologies that are used for centralized storage when configuring failover clusters? (Choose all that apply.)
answer
SAS Fibre Channel iSCSI
question
Which type of storage allows multiple nodes to access the storage at the same time?
answer
Cluster Shared Volume (CSV)
question
What is used to provide quorum when you have only two nodes in a cluster? (Choose all that apply.)
answer
witness disk shared folder
question
What allows you to automatically patch a cluster node with little or no downtime?
answer
Cluster-Aware Updating
question
What type of quorum would you use if you have three nodes in a failover cluster?
answer
Node Majority
question
What Windows PowerShell cmdlet would you use to check the progress of updates when using CAU?
answer
Get-CAURUN
question
Which of the following are improvements for CSV introduced with Windows Server 2012? (Choose all that apply)
answer
Support for SMB 3.0 Supports NTFS and ReFS
question
Which of the following allows you to deploy a failover cluster without creating an Active Directory computer account for the cluster network name?
answer
An Active Directory-detached cluster
question
Which do you configure to make a service or application highly available?
answer
role
question
Which type of role is designed to work with Windows Server 2012 failover cluster?
answer
cluster-aware clustered role
question
Which of the following is a benefit of Server Message Block (SMB) 3.0? (Choose all that apply.)
answer
SMB Encryption SMB Multichannel SMB Directory Leasing
question
Which SMB feature allows multiple nodes to access a clustered disk at the same time?
answer
SMB Scale Out
question
Which type of file server resembles the file server used in Windows Server 2008 R2?
answer
General Use File Server
question
Which type of volume should you use for highly available virtual machine?
answer
CSV
question
What do you configure if you want one node to be an active node while it is available?
answer
Preferred owner
question
What Windows PowerShell cmdlet is used to enable VM Monitoring?
answer
Add-ClusterVMMonitoredItem
question
Which type of application or services would you configure on a cluster for an application or service that was not made for a cluster?
answer
generic clustered role
question
Which of the following is supported by a Scale-Out Server? (Choose all that apply.)
answer
SMB
question
What method of file sharing is used with UNIX and Linux machines?
answer
NFS
question
When using NFS, how do you connect to the shared folder?
answer
You mount the volume to a local folder.
question
What allows you to integrate Windows users into an existing UNIX or Linux environment?
answer
Identity Management for UNIX
question
What command do you use to install Identity Management for UNIX?
answer
dism.exe
question
5. When you define access to NFS, which two items must you include? (Choose two answers.)
answer
GID UID
question
What are the three requirements for the NFS Data Store? (Choose three answers.)
answer
File Services role Server for NFS role service Failover Clustering feature
question
Which Windows Server 2012 server acts as a WAN accelerator?
answer
BranchCache
question
Which mode in BranchCache allows you to store the cache among multiple computers running Windows 7 or Windows 8?
answer
distributed cache mode
question
Which primary tool is used when classifying files?
answer
File Server Resource Manager
question
What are the two items that you have to create when using file classification?
answer
classification property classification rule
question
Which of the following uses a trusted identity provider to provide authentication?
answer
claims-based access control
question
Which digital identification is used by a user or computer?
answer
token
question
Which identity provider is in Windows Server 2012?
answer
Security Token Service
question
What is used to automatically label files based on content?
answer
classification rules
question
What do you specify when you create a claim type?
answer
claim name
question
What is used to grant permissions to those objects on multiple file servers within your domain?
answer
Central Access Policy
question
How do you enable staging of Dynamic Access Control (DAC)?
answer
Use GPOs.
question
Which log do you view when you enable staging when using DAC?
answer
Security
question
How can you test DAC changes before you implement the changes?
answer
Use staging.
question
What is included with devices when using DAC?
answer
computers
question
What protocol allows a server to connect to a SAN by sending SCIS commands over TCP/IP network?
answer
iSCSI
question
Which port does iSCSI use?
answer
Port 3260
question
Which client connects to an iSCSI SAN?
answer
iSCSI initiator
question
What can be installed so that Windows Server 2012 can be used to present iSCSI volumes to Windows servers?
answer
iSCSI target
question
What is a unique identifier that is used to identify iSCSI initiators and targets?
answer
IQN
question
Which protocol is used for authentication for iSCSI?
answer
CHAP
question
How do you install iSCSI Target on Windows Server 2012?
answer
You install as a Windows Server role
question
What can you use to encrypt iSCSI traffic?
answer
IPsec
question
Which two technologies can help make iSCSI highly available (Choose two answers)
answer
MCS MPIO
question
What is used to automatically discover, manage, and configure iSCSI devices?
answer
iSNS
question
Which tools do you have access to after installing the Windows Server Backup feature? (Select all that apply)
answer
Windows Server Backup MMC snap-in wbadmin.exe Windows PowerShell cmlets for Windows Server Backup
question
Which of the following are true statements regarding Windows Server Backup in Windows Server 2012? (Select all that apply)
answer
Applications can be backed up to a remote shared folder. Backing up to folders on a local or remote volume supports only one copy of the backup. Subsequent backups overwrite the contents of previous backups
question
Which of the following types of backups will back up all of the files needed to recover Active Directory? (Select all that apply)
answer
system state full backup bare metal recovery
question
What is the name of the folder where your backups are stored?
answer
WindowsImageBackup
question
Which of the following are true regarding Windows Online Backups?
answer
It's only available with Windows Server 2012 R2 It supports bandwidth throttling It supports backup of files and folders
question
Which of the following server roles should be backed up only in situations where you have static entries in the database?
answer
WINS
question
Which Windows PowerShell command installs the Windows Server Backup Feature?
answer
PS C:Install-WindowsFeature Windows-Server-Backup
question
Which wbadmin command backs up the system state on a domain controller to a remote volume located on Server02 named SysState?
answer
wbadmin start backup-systemstate-backuptarget:server02SysState
question
This Volume Shadow Copy Service (VSS) component is responsible for making sure the data is ready for the shadow copy to be created.
answer
VSS writer
question
Which of the following are characteristics of Shared Copies for Shadow Volumes (SCSV)?
answer
It's enabled on a per-volume basis The volumes must be formatted using NTFS
question
When restoring files protected by SCSV, which of the following statements are true?
answer
Copying a file causes it to lose its original permission settings Restoring a file allows it to retain its original permission settings
question
What is the maximum number of shadow copies allowed per volume?
answer
64
question
Which of the following statements is incorrect regarding restoring a system volume?
answer
If there are any data volumes on the same disk that contains the system volumes, they will not be erased as part of the restore process.
question
You would like to recover the system state for a member server from a backup. Which backup types include them by default? (Select all that apply)
answer
full backups system state backups bare metal backups
question
Which command can be used to boot into a special mode that allows you to repair and recover Active Directory?
answer
bcdedit /set safeboot dsrepair
question
Someone accidentally deleted an organizational unit (OU) in Active Directory. What type of restore do you need to perform if you do not have Active Directory Recycle Bin enabled?
answer
authoritative restore
question
What is the maximum number of days you can fully recover an Active Directory-deleted object and all of its attributes if you have Active Directory Recycle Bin enabled
answer
360 days
question
Which of the following are inaccurate statements regarding performing a bare metal recovery restore?
answer
You can restore cross architecture
question
Which of the following command-line tools can be used to display the boot loader/applications configured on a server?
answer
bcdedit.exe
question
Which of the following would you select, withing Hyper-V Manager, to return a virtual machine (VM) to the last snapshot that was taken after selecting the VM in the console?
answer
Action Menu > Revert
question
What allows you to place an offline copy of a VM that is regularly updated?
answer
Hyper-V replica
question
Which component of the Hyper-V replica performs the replication of VM's?
answer
Replication Engine
question
How is the data replicated when replicating to a Hyper-V replica?
answer
HTTP
question
What program is normally used to enable Hyper-V replication?
answer
Hyper-V Manager
question
When a VM is replicated as a Hyper-V replica, what is the replicated VM considered?
answer
cold server
question
What type of quorum is recommended for multi-site clusters consisting of two nodes on the primary site and two nodes on the backup site?
answer
Node Majority with File Share Majority
question
You have a total of five cluster nodes that are used by a multi-site cluster. Which type of quorum should you use?
answer
Node Majority
question
What provides encryption for Hyper-V replication over the network?
answer
HTTPS
question
What is the advantage of using synchronous replication?
answer
It keeps the source and target storage devices the same
question
If you have a secondary site to be used as a backup site, what basic network services will you need?
answer
AD DS DNS
question
What is used to enable Hyper-V replica if you have a failover cluster installed on a server where you have Hyper-V installed?
answer
Failover Cluster Manager
question
You have two servers, Server1 and Server2, running Windows Server 2012. Both servers have the Hyper-V server role installed. Server1 is in the primary site and Server2 is in the secondary site, which are connected over a slow WAN link. Server1 is running a VM. If Server1 fails, how can you start a copy of the VM on Server2, while keeping the cost low?
answer
On Server1, modify the Replication Configuration settings and enable the replication of VM
question
You have two servers, Server1 and Server2. Both are running Windows Server 2012 and the Hyper-V server role. You need to replicate VMs between Server1 and Server2. You need to use encryption with SSL. Of course, you need a digital certificate for SSL. What two intended purposes of the certificate would you need?
answer
client authentication serer authentication
question
You have three physical hosts called Server1, Server2, and Server3, all of which are running Windows Server 2012. Server1 and Server2 make up the failover cluster Cluster1. Cluster1 has the Hyper-V Replica Broker installed and is hosting several VMs. What tools do you need to use to configure the VMs to replicate to Server3?
answer
Hyper-V Manager console connected to Server3 Failover Cluster Manager console connected to Cluster1
question
What is desirable when you purchase a WAN link to connect two sites? (Choose two answers)
answer
low latency high bandwidth
question
You have a scope called Scope1 (192.168.3.0/24) that is running out of addresses. What can you do to expand the number of addresses?
answer
Create a 192.168.4.0 scope and create a superscope
question
Which type of communication sends a single set of packets to multiple hosts at the same time?
answer
multicast
question
What type of IPv6 address mechanism is used to generate link-local addresses using the MAC address?
answer
stateless
question
What is the default DHCP failover mode?
answer
Load Sharing
question
What is used to prevent non-Windows to overwrite DNS information for you systems that use static addresses?
answer
DHCP Name Protection
question
What ports are required for DHCP failover?
answer
67-68
question
When you add a DHCP reservation for a printer, what two components should you include in the reservation? (Choose two answers)
answer
the MAC address the IP address
question
You have two DHCP servers, Server1 and Server2, running Windows Server 2012. You create a scope called Scope1. Server1 is your primary DHCP server. What is the easiest way to assign 80 percent of the addresses to Server1 and 20 percent to Server2?
answer
On Scope1, run the Split-Scope Wizard
question
You have just installed a new DHCP server. You try to start the DHCP service, but it will not start. What should you do?
answer
Authorize the server in Active Directory
question
You replaced your DHCP server due to hardware failure. You restore the server from a backup. You need to ensure that DHCP clients do not receive IP address that are currently in use on the network. What should you do?
answer
Set the Conflict Detection value to 2
question
You have a server running Windows Server 2012. You want to assign the same IP address from the DHCP server to the server every time. What do you need to do?
answer
Create a reservation
question
You have a 192.168.1.0/24 subnet. Using DHCP, you want IP phones to be assigned addresses between 192.168.1.51-100 and desktop computer assigned to addresses between 192.168.1.101-155. How should you proceed while keeping the administrative effort to a minimum?
answer
Use DHCP policies
question
You have the following DHCP scope: 192.168.1.0/24. You need to migrate the clients to 172.24.1.0/16. What type of scope should you create to perform the migration?
answer
a superscope
question
You are an administrator for the Contoso Corporation. Your primary office is in Sacramento and your data recovery site is in Las Vegas. You want to install a DHCP server at both locations to provide high availability. Which configuration should you use?
answer
Hot Standby mode failover partner
question
You have a server running Windows Server 2012 with five networks. You create two teams, each with two NICs. You want to use reservations to always assign the same iP addresses to the interfaces. how many reservations do you need on the DHCP server?
answer
3
question
Which of the following actions secures a DNS zone using a public key infrastructure?
answer
Sign the zone
question
Which of the following allows a DNS server to act as a key master?
answer
KSK
question
Which DNS Resource Record provides a validated denial of existence?
answer
NSEC3
question
Which dnscmd command-line parameter sets the capability to resolve non FQDN names?
answer
/Enableglobalnamessupport
question
Which of the following actions can you not record or perform using DNS debug logging? (Choose all that apply)
answer
Zone transfer Start / Stop DNS Service
question
Which security group has DNS administration privileges across the forest? (Choose all that apply)
answer
Enterprise Admins
question
Which LocalPriorityNet setting masks a Class A IP address?
answer
0x00ffffff
question
Which of the following statements about the GlobalNames zones in Windows Server 2012 DNS Server role are true?
answer
GlobalNames zones are useful in multi-DNS domain system
question
Disabling Server recursion has which of the following effects?
answer
Restricts a DNS server to its own database
question
Which built-in Domain Local Security group allows full control of the DNS server functions within a single domain?
answer
DNS Admins
question
Which IPAM Security Group allows access to IP address tracking information but not full administration of an IPAM server?
answer
IPAM Audit Administrators
question
IPAM servers should be installed on which Windows Server 2012?
answer
domain-joined sole purpose
question
Which of the following functions does IPAM not carry out?
answer
monitoring
question
IPAM can be administered from which operating system?
answer
Windows 8
question
Which of the following GPOs is not created when IPAM is provisioned using the automatic Group Policy method?
answer
IPAM1_NPS
question
How many DNS servers can be managed from a single IPAM server?
answer
500
question
How much RAM is required to install an IPAM server?
answer
4 GB
question
Which Windows PowerShell cmdlet commences the automatic Group Policy provisioning on an IPAM server?
answer
Invoke-IpamGpoProvisioning
question
Which of the following devices will IPAM manage? (Choose all that apply)
answer
Windows Server 2008 R2 DNS Server Windows Server 2012 NPS server
question
Which of the following are IPAM collection tasks? (Choose all that apply)
answer
Audit Service Monitoring ServerConfiguration
question
What should be used to reflect the organizational structure of your organization?
answer
OU
question
Which of the following uses non-contiguous namespace?
answer
Forest
question
Which partition are used by Active Directory? (Choose all that apply)
answer
configuration partition domain partition schema partition
question
What utility do you use to update the domain function level?
answer
Active Directory Users and Computers
question
What is the minimum domain function level to support fine-grained password policies?
answer
Windows Server 2008
question
What is the minimum domain functional level to support read-only domain controller?
answer
Windows Server 2008
question
What is the minimum domain functional level to support compound authentication and kerberos armoring?
answer
Windows Server 2008 R2
question
What forest functional level do you need to support Active Directory Recycle Bin?
answer
Windows Server 2008 R2
question
What forest functional level supports the renaming of domains?
answer
Windows Server 2003
question
What tool is used to raise the forest functional levels?
answer
Active Directory Domains and Trusts
question
What tool do you use to add additional UPN suffixes?
answer
Active Directory Domains and Trusts
question
You are ready to upgrade a domain to a domain functional level of Windows Server 2012 R2. Which of the following methods is the most recommended?
answer
Perform a clean install of a new domain controller and retirement of old domain controllers.
question
What domain functional level do you need to support Active Directory Recycle Bin?
answer
Windows Server 2008 R2
question
You have a domain called Contoso.com, running the domain functional level Windows 2000. The domain has the following domain controllers: one Windows Server 2000, two Windows Servers 2003 R2, and two Windows Servers 2008 R2. You want to add a domain controller running Windows Server 2012 R2. What should you do first?
answer
Decommission the Windows 2000 domain controller.
question
You have an Active Directory forest with two domains/trees: contoso.com and litware.com The contoso.com domain has a domain functional level of Windows Server 2008, whereas the litware.com has a domain functional level of Windows Server 2003. You want to install Windows Server 2012 R2, and promote the server to a domain controller. What should you do?
answer
Run the Active Directory Domain Services Configuration Wizard.
question
After using the Active Directory Migration tool to migrate users to your new domain, what concerns should you have when creating a new external trust or forest trust?
answer
Recently migrated accounts will have a new Security Identifier (SID) and an updated SID History
question
Users in a UNIX Realm need to access resources in a Windows Server 2012 domain. What type of trust will you create? a. external trust b. forest trust c. shortcut trust d. none of the above
answer
none of the above
question
You have two domains in a single internal forest. What type of trust should you create so that all users can log into computers in both domains?
answer
automatic trust
question
You have just created a two way forest trust between Forest A and Forest B and are using forest-wide authentication. Some users complain that they cannot log into their domain-joined computers in the other forest. What should you do.
answer
Have users log in with their email address
question
You are the Domain Administrator for support.adatum.local and have been working with the Enterprise Administrator for contoso.local to create a one-way external trust between support.adatum.local and support.contoso.local. Your domain, support.adatum.local will be the trusted domain. The Contoso Enterprise Admins have created a one way incoming turst with your domain. What will you need to do?
answer
Ask the Contoso Enterprise Admins to remove the recently created trust and create a one-way outgoing trust
question
You are attempting to create a trust between Adatum.local and Contoso.local, both Windows Server 2012 domains. You run the New Trust Wizard and enter in the domain name for Contoso.local. The next screen of the wizard says "The name you specified is not a valid Windows Domain name. Is the specified name a Kerberosv5 realm"? What do you do to resolve the problem?
answer
Configure DNS
question
You are tasked with creating a forest trust and will work closely with the Enterprise Administrator in the second forest. What tool(s) can you use to create the trust?
answer
netdom Active Directory Domains and Trusts tool
question
Which of the following statements about external trusts are true?
answer
External trusts connect two domains in different forests with one another.
question
When troubleshooting a trust, what tool(s) can you use? (Select all that apply)
answer
netdom DNS
question
The company CIO invites you to his office to investigate possible malicious misuse of elevated permissions involving an individual from another domain in your trust. What should be reviewed in your investigation?
answer
SID filtering.
question
You have recently installed a domain controller, but your clients are unable to authenticate against it. You notice the SRV records for the domain controller have not been populated in DNS. What will you do to re-register the SRV records in DNS?
answer
Restart the NETLOGON service
question
Clients at a remote site are complaining that it takes an unacceptable amount of time to log in to their computers when they come in every morning. You check the logs of the domain controllers and notice that the clients are authenticating with a domain controller at the headquarters office and not with the domain controller at the remote office. You verify that the domain controller at the remote office is configured and registering SRV records in DNS correctly. What must be done to ensure all clients in the remote site authenticate with the domain controller in the remote site?
answer
Create a subnet in the Active Directory Sites and Services tool.
question
You have installed a Read Only Domain Controller (RODC) at a remote location. After looking through the logs, you notice that the Windows Server 2003 servers have automatically covered the remote site. What is the next step you need to take? a. Modify the SearchFlags attribute b. Open REGEDIT on the Windows Server 2003 domain controllers
answer
Restart the NETLOGON service of the RODC
question
You have recently have a physical domain controller fail during a routing maintenance reboot. The drives have failed and you cannot purchase new drives. Luckily you have recently implemented a Hyper-V solution. Instead of restoring it from backup, you brought online a new virtual domain controller running Windows Server 2012 Once the new server is back up and replicating with other partners within its site you notice no replication is taking place between the sites. Why has replication stopped between sites?
answer
The failed domain controller was a manually configured bridgehead server
question
You have recently bought a new site online. During your planning stages, you set up two new domain controllers for the new site and you are ready to move them. What tool will you use to move the domain controllers to the remote site.
answer
Active Directory Sites and Services
question
You are working in an environment that has a non-Windows DNS server resolving all client requests. You are unable to use DNS Manager to view what records your Windows Server 2012 has registered with DNS. Where can you view the SRV records that the domain controller has created?
answer
NETLOGON.DNS
question
You have recently purchased a new building. There is not a secure location to put a domain controller, but there will be 800 end users requiring authentication. The WAN link between sites is as reliable as you would like. What will be your solution authenticate the users?
answer
Create a new site and install RODCs.
question
By default, which of the following values represents the site link cost?
answer
100
question
While monitoring replication traffic, you notice that replication traffic between two sites is traversing three site links instead of going directly site to site. The bridge All Site Links option is enabled.
answer
Check the site link costs.
question
You receive a warning in the event logs of your domain controllers recommending you view the %SystemRoot%debugnetlogon.log file. When you open the log file, you notice it is full of entries stating NO_CLIENT_SITE. What should you do first to stop these entries from population in the log fire? Your environment has no remote offices.
answer
Create a site.
question
What Global state of FRS to DFSR migration allows for Rollback?
answer
State 0 State 1 State 2
question
After performing an FRS to DFSR upgrade, what will the SYSVOL share be named?
answer
SYSVOL
question
What downloadable tool provides immediate access to related TechNet articles to assist in the resolution of common replication errors?
answer
ADREPLSTATUS
question
Which of the following commands, run from a command prompt, allows you to monitor, troubleshoot, and force replication on Windows Server 2012?
answer
REPADMIN
question
Which of the following replication topologies, by default, uses change notification?
answer
Intrasite Replication
question
Which of the following Domain Function Levels is the minimum required to securely implement Filtered Attribute Sets?
answer
Windows Server 2008
question
You have configured a user group on the Managed by tab of an RODC. You receive a call from a call from a member of the group indicating he is not able to log in to the RODC at the remote location when the WAN link goes down. What do you need to do?
answer
Add the group to the Allowed RODC Password Replication Group.
question
When replicating a single object between domain controllers, what will you use to specify the object name?
answer
Distinguished Name (DN)
question
Which of the following allows passwords to be cached on an RODC before users log in to the RODC?
answer
Allow Password Replication and Password Prepopulation.
question
Before upgrading your SYSLOG replication from FRS to DFSR, the Domain Functional Level must be at least what version?
answer
Windows Server 2008
question
What kind of system are you creating when you install a certificate authority (CA) on a domain controller?
answer
PKI
question
Which of the following role services allows you to validate and revoke certificates?
answer
Online Responder
question
What is required to install an enterprise CA?
answer
Active Directory
question
Which services can be used to check the validity of a digital certificate?
answer
CRL Online Responder
question
You have two servers called Server01 and Server02, which are running Windows Server 2012. You configure Server01 as an enterprise root CA. You install the Online Responder role service on Server02. What do you need to do so that Server01 uses the Online Responder on Server02?
answer
Configure the Authority Information Access (AIA) extension.
question
You have an Active Directory domain. You install Active Directory Certificate Services (AD CS) role on a stand alone server. However, when you install the AD CS role as an Enterprise CA, the Enterprise CA option is not available. What should you do?
answer
Join the server to the domain.
question
You install AD CS and configure it as a standalone CA. You need a fellow administrator to audit changes to the CA configuration settings and the CA security settings. What two things must be done to enable the auditing?
answer
Configure auditing in the Certificate Authority snap-in. Enable the Audit object access settings in the Local Security Policy for the AD CS server.
question
You have a two-tier PKI consisting of an offline root CA and an online issuing CA. The Enterprise CA is running Windows Server 2012. You need to ensure the CA can hand out new certificates. What should you do?
answer
With the root CA running and connected, renew the CRL on the root CA. Copy the CRL to the CertEnroll folder on the issuing CA.
question
You have installed an Enterprise Root CA on Server01. You need to ensure that the ITManagers group is authorized to revoke the certificate on Server01. What should you do?
answer
Assign the Allow Issue and Manage Certificates permission.
question
You have an enterprise CA and an ITManagers group that you want to allow to publish new certificate revocation lists but not allow to revoke certificates. What should you do?
answer
Assign the Manage CA permissions to the ITManagers group.
question
You are an administrator for the Contoso Corporation, which has a Windows Server 2012 Active Directory domain. You need to install an Enterprise Root Certificate Authority (CA) that also provides highly available revoke certificate information. What should you do?
answer
Implement an Online Certificate Protocol (OCSP) responder by using Network Load Balancing.
question
You deploy an enterprise CA on your Active Directory domain. You create a global security group called CertAdmins. You need to ensure that CertAdmins can issue, approve, and revoke certificates. What should you do?
answer
Assign the Certificate Manager role to the CertAdmins group.
question
You are installing an Enterprise CA on a new member server that is part of the domain. However when you run the Add Roles Wizard, the Enterprise CA is disabled. What is the problem?
answer
You are not logged on as an enterprise admin.
question
You have an enterprise CA. What do you need to minimize the amount of network bandwidth required to validate a certificate?
answer
Configure an LDAP publishing point for the CRL.
