Shared Flashcard Set

Details

Active Directory Lesson 13
Microsoft Server 2008 AD
20
Computer Networking
Not Applicable
01/11/2017


Cards

Term
The ___ allows administrators to obtain PKI certificates for network infrastructure devices such as routers and switches.
Definition
Network Device Enrollment Service
Term
One or more Online Responders can be chained together to form a(n) ___.
Definition
Responder array
Term
A(n) ___ is a CA that integrates with Active Directory and allows autoenrollment of user and computer certificates through the use of Group Policy and certificate templates.
Definition
enterprise CA
Term
For a user to log on to a workstation using a smart card, that workstation must be equipped with a(n) ___.
Definition
smart card reader
Term
The top-level CA in any PKI hierarchy is the ___.
Definition
root CA
Term
One alternative to public key cryptography is to use a(n) ___.
Definition
shared secret key
Term
Each PKI certificate consists of a public key that is widely known and a(n) ___ that is known only to the user or computer who holds the certificate.
Definition
private key
Term
Users can request certificates via the Web using the ___ service.
Definition
Certification Authority Web Enrollment
Term
To protect against lost or corrupted private keys, you can configure one or more users to function as a(n) ___ within AD Certificate Services.
Definition
key recovery agent
Term
You can manage many facets of the AD Certificate Services server role from the command line by using the ___ utility.
Definition
certutil
Term
Each PKI environment can have one and only one of the following:
a. Standalone CA
b. Enterprise CA
c. Root CA
d. Subordinate CA
Definition
Root CA

Each Public Key Infrastructure is hierarchical, with a single root CA at the top and any number of subordinate CAs residing beneath the root CA.
Term
Each server that functions as a CA must be configured with a(n):
a. Revocation configuration
b. Key Recovery Agent
c. User template
d. Online Responder
Definition
Key Recovery Agent

Each Certificate Authority in a PKI environment must have a revocation configuration, regardless of how many exist within an environment.
Term
You can restrict enrollment agents so that they can only request certificates on behalf of specific users or computers based on:
a. OU membership
b. Security group membership
c. Name
d. Email address
Definition
Security group membership

Restricted enrollment agents are configured on the basis of security group memberships. You cannot restrict them based on Organizational Units.
Term
To configure an offline root CA, your root CA must be configured as follows:
a. Standalone CA
b. Enterprise CA
c. Subordinate CA
d. Online Responder
Definition
Standalone CA

To configure an offline root, the CA must be configured as a standalone CA and not an enterprise CA.
Term
Certificate templates must be compatible with at least which operating system to allow autoenrollment?
a. Windows Server 2008
b. Windows 2000 Server
c. Windows Server 2003
d. Windows Vista Enterprise
Definition
Windows Server 2003

Certificate autoenrollment is supported in Windows Server 2003 and Windows Server 2008, so any templates that allow this feature must be compatible with Windows Server 2003 or later.
Term
A lost or corrupted private key can only be recovered by someone who has been issued a(n):
a. Key Recovery Agent certificate
b. Administrator certificate
c. Domain Controller certificate
d. Online Responder certificate
Definition
Key Recovery Agent certificate

Key Recovery Agents are part of the private key escrow process that is available when AD CS is integrated with Active Directory.
Term
An organization may have one or more of these to distribute the load of issuing certificates in a geographically dispersed organization:
a. Root CA
b. Enterprise CA
c. Standalone CA
d. Intermediate CA
Definition
Intermediate CA

The hierarchical nature of PKI allows you to deploy intermediate CAs to provide distributed load balancing for issuing certificates within an organization.
Term
To authenticate using a smart card that has been configured for a user, the user must have the following installed at his workstation:
a. Smart card enrollment station
b. Online Responder
c. Smart card reader
d. Smart card enrollment agent
Definition
Smart card reader

To deploy smart cards for user logons, each workstation using smart cards must have an installed smart card reader.
Term
Which component of Active Directory Certificate Services uses the Online Certificate Status Protocol to respond to client requests?
a. NDES
b. Online Responder
c. Certificate Revocation List
d. Subordinate CA
Definition
Online Responder

The Online Responder uses the Online Certificate Status Protocol (OCSP) to respond to client requests for certificate status and revocation information.
Term
Which of the following provides an alternative to the use of public key cryptography for secured communications?
a. Shared secret key
b. Online Certificate Status Protocol
c. Private key cryptography
d. Responder Arrays
Definition
Shared secret key

Shared secret keys involve a fast and simple method of encryption, but it is difficult to deploy shared secret keys throughout an organization regardless of its size.