You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the
Windows Server Update Services server role installed.
You need to configure Windows Server Update Services (WSUS) to support Secure Sockets
Layer (SSL).
Which three actions should you perform? (Each correct answer presents part of the solution.
Choose three.)
A.
From Internet Information Services (IIS) Manager, modify the connection strings of the
WSUS website.
B.
Install a server certificate.
C.
Run the wsusutil.exe command.
D.
Run the iisreset.exe command.
E.
From Internet Information Services (IIS) Manager, modify the bindings of the WSUS website.
Explanation:
Certficate needs to be installed to IIS, Bindings modifies and wsutil run.
1. First we need to request a certificate for the WSUS web site, so open IIS, click the server
name, then open Server Certificates.
On the Actions pane click Create Domain Certificate.
2. To add the signing certificate to the WSUS Web site in IIS 7.0
On the WSUS server, open Internet Information Services (IIS) Manager.
Expand Sites, right-click the WSUS Web site, and then click Edit Bindings.
In the Site Binding dialog box, select the https binding, and click Edit to open the Edit Site
Binding dialog box.
Select the appropriate Web server certificate in the SSL certificate box, and then click OK.
Click Close to exit the Site Bindings dialog box, and then click OK to close Internet
Information Services (IIS) Manager.
3. WSUSUtil.exe configuressl<FQDN of the software update point site system> (the name
in your certificate)
WSUSUtil.exe configuressl<Intranet FQDN of the software update point site system>.
4. The next step is to point your clients to the correct url, by modifying the existing GPO or
creating a new one. Open the policy Specify intranet Microsoft update service location and
type the new url in the form https: //YourWSUSserver.
The gpupdate /force command will just download all the GPO’s and re-apply them to the
client, it won’t force the client to check for updates. For that you need to use wuauclt
/resetautorization /detectnow followed by wuauclt /reportnow
http: //technet. microsoft. com/en-us/library/bb680861 . aspx
http: //technet. microsoft. com/en-us/library/bb633246. aspx
http: //www. vkernel. ro/blog/configure-wsus-to-use-ssl
.
B , C , E
1. First we need to request a certificate for the WSUS web site, so open IIS, click the server name, then open Server Certificates.
On the Actions pane click Create Domain Certificate.
2. To add the signing certificate to the WSUS Web site in IIS 7.0
On the WSUS server, open Internet Information Services (IIS) Manager.
Expand Sites, right-click the WSUS Web site, and then click Edit Bindings.
In the Site Binding dialog box, select the https binding, and click Edit to open the Edit Site Binding dialog box.
Select the appropriate Web server certificate in the SSL certificate box, and then click OK.
Click Close to exit the Site Bindings dialog box, and then click OK to close Internet Information Services (IIS) Manager.
3. WSUSUtil.exe configuressl (the name in your certificate) WSUSUtil.exe configuressl.
4. The next step is to point your clients to the correct url, by modifying the existing GPO or creating a new one. Open the policy Specify intranet Microsoft update service location and type the new url in the form https://YourWSUSserver.
The gpupdate /force command will just download all the GPO’s and re-apply them to the client, it won’t force the client to check for updates. For that you need to use wuauclt /resetautorization /detectnow followed by wuauclt /reportnow
The answer is BCE