Term
The ___ allows administrators to obtain PKI certificates for network infrastructure devices such as routers and switches |
|
Definition
Network Device Enrollment Service |
|
|
Term
One or more Online Responders can be chained together to form a(n) ___. |
|
Definition
|
|
Term
A(n) ___ is a CA that integrates with Active Directory and allows autoenrollment of user and computer certificates through the use of Group Policy and certificate templates |
|
Definition
|
|
Term
For a user to log on to a workstation using a smart card, that workstation must be equipped with a(n) ___. |
|
Definition
|
|
Term
The top-level CA in any PKI hierarchy is the ___. |
|
Definition
|
|
Term
One alternative to public key cryptography is to use a(n) ___. |
|
Definition
|
|
Term
Each PKI certificate consists of a public key that is widely known and a(n) ___ that is known only to the user or computer who holds the certificate |
|
Definition
|
|
Term
Users can request certificates via the Web using the ___ service |
|
Definition
Certification Authority Web Enrollment |
|
|
Term
To protect against lost or corrupted private keys, you can configure one or more users to function as a(n) ___ within AD Certificate Services |
|
Definition
|
|
Term
You can manage many facets of the AD Certificate Services server role from the command line by using the ___ utility |
|
Definition
|
|
Term
Each PKI environment can have one and only one of the following: a. Standalone CA b. Enterprise CA c. Root CA d. Subordinate CA |
|
Definition
Root CA
Each Public Key Infrastructure is hierarchical, with a single root CA at the top and any number of subordinate CAs residing beneath the root CA |
|
|
Term
Each server that functions as a CA must be configured with a(n): a. Revocation configuration b. Key Recovery Agent c. User template d. Online Responder |
|
Definition
Key Recovery Agent
Each Certificate Authority in a PKI environment must have a revocation configuration, regardless of how many exist within an environment |
|
|
Term
You can restrict enrollment agents so that they can only request certificates on behalf of specific users or computers based on: a. OU membership b. Security group membership c. Name d. Email address |
|
Definition
Security group membership
Restricted enrollment agents are configured on the basis of security group memberships. You cannot restrict them based on Organizational Units |
|
|
Term
To configure an offline root CA, your root CA must be configured as follows: a. Standalone CA b. Enterprise CA c. Subordinate CA d. Online Responder |
|
Definition
Standalone CA
To configure an offline root, the CA must be configured as a standalone CA and not an enterprise CA |
|
|
Term
Certificate templates must be compatible with at least which operating system to allow autoenrollment? a. Windows Server 2008 b. Windows 2000 Server c. Windows Server 2003 d. Windows Vista Enterprise |
|
Definition
Windows Server 2003
Certificate autoenrollment is supported in Windows Server 2003 and Windows Server 2008, so any templates that allow this feature must be compatible with Windows Server 2003 or later |
|
|
Term
A lost or corrupted private key can only be recovered by someone who has been issued a(n): a. Key Recovery Agent certificate b. Administrator certificate c. Domain Controller certificate d. Online Responder certificate |
|
Definition
Key Recovery Agent certificate
Key Recovery Agents are part of the private key escrow process that is available when AD CS is integrated with Active Directory |
|
|
Term
An organization may have one or more of these to distribute the load of issuing certificates in a geographically dispersed organization: a. Root CA b. Enterprise CA c. Standalone CA d. Intermediate CA |
|
Definition
Intermediate CA
The hierarchical nature of PKI allows you to deploy intermediate CAs to provide distributed load balancing for issuing certificates within an organization. |
|
|
Term
To authenticate using a smart card that has been configured for a user, the user must have the following installed at his workstation: a. Smart card enrollment station b. Online Responder c. Smart card reader d. Smart card enrollment agent |
|
Definition
Smart card reader
To deploy smart cards for user logons, each workstation using smart cards must have an installed smart card reader |
|
|
Term
Which component of Active Directory Certificate Services uses the Online Certificate Status Protocol to respond to client requests? a. NDES b. Online Responder c. Certificate Revocation List d. Subordinate CA |
|
Definition
Online Responder
The Online Responder uses the Online Certificate Status Protocol (OCSP) to respond to client requests for certificate status and revocation information |
|
|
Term
Which of the following provides an alternative to the use of public key cryptography for secured communications? a. Shared secret key b. Online Certificate Status protocol c. Private key cryptography d. Responder Arrays |
|
Definition
Shared secret key
Shared secret keys involve a fast and simple method of encryption, but it is difficult to deploy shared secret keys throughout an organization regardless of its size |
|
|