Windows Server 2008 Security Infrastructure Services

Card Set Information

Author:
pacheco2001usa
ID:
210263
Filename:
Windows Server 2008 Security Infrastructure Services
Updated:
2013-03-30 23:19:29
Tags:
Windows Server 2008 R2 Security Infrastructure Services
Description:
Security Infrastructure Services for Windows Server 2008 (Chapter 9)

The flashcards below were created by user pacheco2001usa on FreezingBlue Flashcards.

  1. What type of connection is established by a dial-up connection?
    The client and the server establish a Point-to-Point Protocol (PPP) connection, during which the server authenticates the client and the computers negotiate a set of communication parameters they have in common.
  2. Why is PPP simpler than Ethernet?
    PPP is much simpler than Ethernet because the two computers are using a dedicated connection, and there is no need to address each packet to a particular destination, as they must do on a local area network (LAN).
  3. Describe a VPN
    • In a virtual private network (VPN) connection, the remote client and the remote access server are both connected to the Internet, using local service providers.
    • The client establishes a connection to the server using the Internet as a network medium and, after authentication, the server grants the client access to the network.
  4. What are the protocols that Windows Server 2008 supports?
    The VPN protocols that Windows Server 2008 supports are as follows:
    • Point-to-Point Tunneling Protocol (PPTP)
    • Layer 2 Tunneling Protocol (L2TP)
    • Secure Socket Tunneling Protocol (SSTP)
  5. What's PPTP (Point-to-Point Tunneling Protocol)?
    The oldest of the VPN protocols, PPTP takes advantage of the authentication, compression, and encryption mechanisms of PPP, tunneling the PPP frame within a Generic Routing Encapsulation (GRE) header and encrypting it with Microsoft Point-to-Point Encryption (MPPE), using encryption keys generated during the authentication process.
  6. What are the disadvantages of PPTP?
    PPTP therefore can provide data protection, but not other services, such as packet origin identification or data integrity checking.
  7. What type of authentication does PPTP support?
    For authentication, PPTP supports only the Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1), Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), Extensible Authentication Protocol (EAP), or Protected Extensible Authentication Protocol (PEAP). Although it can use them (with EAP), one of the advantages of PPTP is that it does not require the use of certificates. In most cases, organizations use PPTP as a fallback protocol for clients running non-Windows operating systems.
  8. What's L2TP (Layer 2 Tunneling Protocol) with IPsec?
    L2TP relies on the IP security extensions (IPsec) for encryption, and as a result performs a double encapsulation. The system adds an L2TP header to the PPP frame and packages it with the User Datagram Protocol (UDP). Then it encapsulates the UDP datagram with the IPsec Encapsulating Security Payload (ESP) protocol, encrypting the contents using the Data Encryption Standard (DES) or Triple DES (3DES) algorithm, with encryption keys generated during IPsec’s Internet Key Exchange (IKE) negotiation process.
  9. What's the advantage of L2TP over PPTP?
    The L2TP/IPsec combination provides a more complete set of services than PPTP, including packet origin identification, data integrity checking, and replay protection.
  10. What's the preferred protocol of Windows XP users?
    L2TP/IPsec is the preferred protocol.
  11. (SSTP) Secure Socket Tunneling Protocol
    • New to Windows Server 2008 and supported only by clients running Windows Vista with Service Pack 1
    • SSTP encapsulates PPP traffic using the Secure Sockets Layer (SSL) protocol supported by virtually all Web servers.
  12. What's the advantage of SSTP?
    The advantage of this is that administrators do not have to open an additional external port in the server, as SSTP uses the same TCP port 443 as SSL.
  13. How does SSTP authenticate?
    SSTP uses certificates for authentication, with the EAP-TLS authentication protocol, and in addition to data encryption, provides integrity checking and enhanced key negotiation services.
  14. What protocols are used to authenticate remote users?
    • Extensible Authentication Protocol (EAP)
    • Protected EAP (PEAP)
    • Extensible Authentication Protocol Transport Level Security (EAP-TLS)
    • Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2)
    • Challenge Handshake Authentication Protocol (CHAP)
    • Password Authentication Protocol (PAP)
    • Unauthenticated Access
  15. What's EAP (Extensible Authentication Protocol)?
    EAP is a shell protocol that provides a framework for the use of various types of authentication mechanisms.
  16. What's the advantage of EAP?
    The primary advantage of EAP is that it enables a computer to use mechanisms other than passwords for authentication, including public key certificates and smart cards, as well as providing an extensible environment for third-party authentication mechanisms.
  17. What's PEAP (Protected EAP)?
    The primary function of PEAP is to use Transport Level Security (TLS) to create an encrypted channel between a wireless client and an authentication server. The use of PEAP is not supported for remote access clients.
  18. What's Extensible Authentication Protocol-Transport Level Security (EAP-TLS)?
    Enables the server to support authentication with smart cards or other types of digital certificates.
  19. What are the requirements for EAP-TLS?
    To use EAP-TLS, you must obtain and install a certificate on the remote access server and configure both the server and the client to use smart card authentication.
  20. What's the strongest authentication method supported by Windows Server 2008 Remote Access?
    EAP-TLS
  21. What's Microsoft Encrypted Authentication Version 2 (MS-CHAPv2)?
    It's an authentication protocol that uses a new encryption key for each connection and for each direction in which data is transmitted.
  22. What are some characteristics of MS-CHAPv2?
    • The strongest password-based authentication method supported by Windows Server 2008 Remote Access.
    • Selected by default.
    • MS-CHAPv2 supports mutual authentication of clients and servers, as well as encryption of both authentication and connection data.
  23. What's Challenge Handshake Authentication Protocol (CHAP)?
    It's an authentication protocol that uses MD5 hashing to encrypt user passwords, but it does not support the encryption of connection data, and the passwords it uses must be stored in a reversibly encrypted format.
  24. What are some of the characteristics of CHAP?
    • Provides relatively weak protection when compared to MS-CHAPv2.
    • Windows Server 2008 does not select CHAP by default.
    • Mostly used to provide compatibility with non-Microsoft clients.
  25. What's PAP (Password Authentication Protocol)?
    • The least secure of the authentication protocols supported by Windows Server 2008.
    • It uses simple passwords for authentication, and transmits them in clear text.
    • Requires no special technology, and virtually every operating system and remote access software product supports it.
  26. What's unauthenticated access?
    Windows Server 2008 also supports unauthenticated access, in which the systems use no authentication protocol at all, and the client does not have to supply a user name or password. Obviously, no authentication is the weakest form of authentication available, and should be used only when there is some other security mechanism in place or when the administrator wants to allow anyone to connect to the server.
  27. What's PKI?
    Public Key Infrastructure
  28. What's a Digital Certificate?
    A digitally signed document, issued by a third party called a certification authority (CA), that binds a user, computer, or service holding a private key with its corresponding public key.
  29. What are the functions of a Digital Certificate?
    • Digital signature.
    • Encrypting File System (EFS).
    • Internet authentication.
    • IP Security (IPsec).
    • Secure email.
    • Smart card logon.
    • Software code signing.
    • Wireless network authentication
  30. What are the CAs supported by Windows Server 2008?
    Windows Server 2008 supports two basic types of CAs:
    • Enterprise CA
    • Standalone CA
  31. Characteristics of Enterprise CA
    • Enterprise CAs are integrated into the Windows Server 2008 Active Directory environment.
    • Use certificate templates
    • Publish their certificates and CRLs to Active Directory
    • Use the information in Active Directory to approve or deny certificate enrollment requests automatically.
    • Because the clients of an enterprise CA must have access to Active Directory to receive certificates, enterprise CAs are not suitable for issuing certificates to clients outside the enterprise.
  32. Characteristics of Standalone CA
    • Standalone CAs do not use certificate templates or Active Directory.
    • They store their information locally.
    • By default do not automatically respond to certificate enrollment requests, as is the case with enterprise CAs.
    • Requests wait in a queue for an administrator to manually approve or deny them.
    • Are intended for situations in which users outside the enterprise submit requests for certificates.
  33. What's a root CA?
    • A root CA is the parent that issues certificates to the subordinate CAs beneath it.
    • If a client trusts the root CA, it must also trust all the subordinate CAs that have been issued certificates by the root CA.
    • The certification path included in every certificate traces the hierarchy from the issuing CA up through any additional CAs to the root.
  34. What should be considered when planning Certificate and Key lifetimes?
    When planning certificate and key lifetimes, administrators must consider how vulnerable the keys are to compromise and what the potential consequences of their compromise are.
  35. The following factors can influence the lifetime of a certificate:
    • Length of private keys.
    • Security of the CAs and their private keys.
    • Strength of the technology used for cryptographic operations.
    • Vulnerability of the CA certificate chain.
    • The users of your certificates.
    • The number of certificates that have been signed by a dedicated CA.
  36. What's Certificate Revocation?
    • The process to reduce the lifetime of a certificate.
  37. What's CRL (Certificate Revocation List)?
    Every CA publishes a certificate revocation list (CRL) that lists the serial numbers of certificates that it considers to be no longer valid. The specified lifetime of CRLs is typically much shorter than that of a certificate. The CA might also include in the CRL a code specifying the reason the certificate has been revoked. A revocation might occur because a private key has been compromised, because a certificate has been superseded, or because an employee has left the company. The CRL also includes the date the certificate was revoked.
  38. What's the difference between a subordinate CA and the other CAs?
    The only difference in the installation procedure for an enterprise subordinate CA is the inclusion of a Request Certificate from a Parent CA page in the Add Roles Wizard in place of the Set Validity Period page.
  39. How does the CA hierarchy work?
    • While even a single CA constitutes a PKI, it is common for organizations to use multiple CAs, arranged in a hierarchy, much like Active Directory forests.
    • In a hierarchical CA structure, there is a single root CA at the top, and one or more subordinate CAs beneath it.
    • The root CA provides certificates to the subordinate CAs, which in turn can generate certificates for additional subordinate CAs or for end users.
    • In an Active Directory hierarchy, domains in the same tree automatically trust each other.
    • In a CA hierarchy, trust chaining enables clients that trust the root CA to also trust certificates issued by any other CAs subordinate to the root.
  40. What are Certificate Templates?
    • Sets of rules and settings that define the format and content of a certificate based on the certificate’s intended use.
    • Provide the client with instructions on how to create and submit a valid certificate request.
    • Define which security principals are allowed to read, enroll for, or autoenroll for certificates based on that template.
  41. What's the function of Certificate Templates?
    Simplify the process of creating certificates and ensure that they are created consistently across an organization.
  42. Characteristics of Certificate Templates
    • Windows Server 2008 includes a large collection of predefined certificate templates, supporting a variety of functions and applications.
    • You can also customize each template for a specific use or create your own templates to suit the needs of your organization.
    • Only enterprise CAs can issue certificates based on certificate templates; standalone CAs cannot.
    • When an administrator defines a certificate template, the definition must be available to all CAs in the forest.
    • To make the definition available, administrators publish the template in Active Directory and let the Active Directory replication engine propagate the template throughout the enterprise.
  43. What dictates a client's choice of enrollment method?
    A client’s choice of enrollment method for obtaining certificates is typically dictated by the type of CA the client is requesting the certificate from and whether the client and CA can communicate across a network.
  44. What are the enrollment methods?
    When requesting certificates from an enterprise CA, a client can use the following methods:
    • Autoenrollment
    • Web enrollment
    • Certificates Snap-in
  45. How does autoenrollment work?
    • Applications automatically issue a certificate enrollment request and send it to the CA.
    • The CA then evaluates the request and issues or denies a certificate.
    • When everything works properly, the entire process is invisible to the end user.
  46. How does Web enrollment work?
    • When you install Active Directory Certificate Services with the Certification Authority Web Enrollment role service, the setup wizard creates a Web site that clients can use to request certificates from the CA.
    • Although standalone CAs are more likely to use Web enrollment, enterprise CAs support it as well.
  47. How does the Certificates snap-in work?
    The Certificates snap-in for MMC enables users to manually request certificates, as well as view the certificates they already possess.
  48. When is it necessary to revoke a certificate, and how is it done?
    Administrators might occasionally need to revoke a certificate because a user has left the organization, because they have decommissioned a computer, or because a private key has been compromised. There are two ways to revoke certificates:
    • By using the Certification Authority snap-in.
    • By using the Certutil.exe command-line program.
  49. Which of the following types of connections is established between two computers involved in the tunneling process?
    a) VPN
    b) PPP
    c) PPTP
    d) SSTP
    • Ans: B
    • Difficulty: Easy
    • Section Ref: Security Remote Access
    • In the tunneling process, two computers establish a PPP connection.
  50. For authentication, PPTP supports all of the following authentication protocols except __________.
    a) Microsoft Challenge Handshake Authentication Protocol version 1
    b) Microsoft Challenge Handshake Authentication Protocol version 2
    c) Microsoft Point-to-Point Encryption (MPPE)
    d) Extensible Authentication Protocol
    • Ans: C
    • Difficulty: Medium
    • Section Ref: Securing Remote Access
    • For authentication, PPTP supports only the Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1), Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), Extensible Authentication Protocol (EAP), or Protected Extensible Authentication Protocol (PEAP).
  51. Secure Socket Tunneling Protocol (SSTP) is supported only on clients running which of the following operating systems?
    a) Windows Vista
    b) Windows Vista with Service Pack 1
    c) Windows Server 2008
    d) Windows XP with Service Pack 2
    • Ans: B
    • Difficulty: Medium
    • Section Ref: Securing Remote Access
    • New to Windows Server 2008 and supported only by clients running Windows Vista with Service Pack 1, SSTP encapsulates PPP traffic using the Secure Sockets Layer (SSL) protocol supported by virtually all Web servers.
  52. Which of the following is the strongest authentication protocol supported by Windows Server 2008?
    a) Microsoft Encrypted Authentication Version 2
    b) Challenge Handshake Authentication Protocol
    c) Password Authentication Protocol (PAP)
    d) Extensible Authentication Protocol (EAP)
    • Ans: D
    • Difficulty: Hard
    • Section Ref: Securing Remote Servers
    • Authentication protocols supported by Windows Server 2008, in order from strongest to weakest, are as follows: Extensible Authentication Protocol (EAP) – EAP is a shell protocol that provides a framework for the use of various types of authentication mechanisms.
  53. Which of the following methods enables the server to support authentication with smart cards or other types of digital certificates?
    a) Extensible Authentication Protocol-Transport Level Security (EAP-TLS)
    b) Protected EAP (PEAP)
    c) Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAPv2)
    d) Encrypted Authentication
    • Ans: A
    • Difficulty: Medium
    • Section Ref: Securing Remote Servers
    • The Extensible Authentication Protocol-Transport Level Security (EAP-TLS) method enables the server to support authentication with smart cards or other types of digital certificates.
  54. Which of the following allows designated recovery agents to create public keys that can decode encrypted information?
    a) Internet authentication
    b) digital signatures
    c) Encrypting File System
    d) IP Security
    • Ans: C
    • Difficulty: Easy
    • Section Ref: Using Certificates
    • To prevent a loss of data resulting from users leaving the organization or losing their encryption keys, EFS allows designated recovery agents to create public keys that can decode the encrypted information.
  55. Which of the following authentication devices verifies the identity of a user during logon?
    a) IP Security
    b) smart card
    c) software code signing
    d) Internet authentication
    • Ans: B
    • Difficulty: Easy
    • Section Ref: Using Certificates
    • Windows Server 2008 can use a smart card as an authentication device that verifies the identity of a user during logon.
  56. Which of the following terms specifies the functions for which a digital certificate can be used?
    a) public key
    b) key usage
    c) enhanced key usage
    d) subject
    • Ans: C
    • Difficulty: Hard
    • Section Ref: Using Certificates
    • Enhanced key usage specifies the functions for which the certificate can be used.
  57. Which of the following specifies a value assigned by the CA that uniquely identifies the certificate?
    a) signature algorithm
    b) serial number
    c) version
    d) subject
    • Ans: B
    • Difficulty: Easy
    • Section Ref: Using Certificates
    • A serial number specifies a value assigned by the CA that uniquely identifies the certificate.
  58. Which of the following contains a digest of the certificate data used for digital signing?
    a) certificate policies
    b) friendly name
    c) thumbprint algorithm
    d) thumbprint
    • Ans: D
    • Difficulty: Hard
    • Section Ref: Using Certificates
    • A thumbprint contains a digest of the certificate data used for digital signing.
  59. Which of the following is not a factor that administrators should consider when choosing the length for a certificate’s lifetime?
    a) provider of the certificate
    b) standard practices in the industry
    c) government regulations
    d) type of certificate
    • Ans: A
    • Difficulty: Easy
    • Section Ref: Using Certificates
    • There are a number of factors administrators should consider when choosing the length for a certificate’s lifetime such as the type of certificate, the security requirements of the organization, the standard practices in the industry, and government regulations.
  60. In Windows Server 2008, a root CA’s self-generated certificate defaults to a validity period of __________.
    a) 6 months
    b) 1 year
    c) 3 years
    d) 5 years
    • Ans: D
    • Difficulty: Easy
    • Section Ref: Using Certificates
    • In the case of Windows Server 2008, a root CA’s self-generated certificate defaults to a validity period of five years.
  61. Which of the following is not a role that can be selected when you install Active Directory Certificate Services on a Windows Server 2008 computer?
    a) subordinate
    b) enterprise
    c) standalone
    d) intermediate
    • Ans: D
    • Difficulty: Medium
    • Section Ref: Using Certificates
    • Unlike the strictly defined root, subordinate, enterprise, and standalone CAs, intermediate and issuing servers are not roles that you select when you install Active Directory Certificate Services on a Windows Server 2008 computer.
  62. Which of the following is not a required permission that must be granted to the same user or group for the autoenrollment certificate template permission to function correctly?
    a) Allow Autoenroll
    b) Allow Enroll
    c) Allow Read
    d) Allow Write
    • Ans: D
    • Difficulty: Easy
    • Section Ref: Using Certificates
    • For autoenrollment to function correctly, you must ensure that all three of the required permissions (Allow Read, Allow Enroll, and Allow Autoenroll) are granted to the same user or group.
  63. Which of the following template versions provides backward compatibility for CAs running Windows Server 2003, Standard Edition and Windows 2000 family operating systems?
    a) version 1
    b) version 2
    c) version 3
    d) version 4
    • Ans: A
    • Difficulty: Medium
    • Section Ref: Using Certificates
    • Version 1 templates provide backward compatibility for CAs running Windows Server 2003, Standard Edition and Windows 2000 family operating systems.
  64. Which of the following Windows Server 2008 Certificate templates allows user authentication, EFS encryption, secure email, and certificate trust list signing?
    a) administrator
    b) user
    c) computer
    d) domain controller
    • Ans: A
    • Difficulty: Easy
    • Section Ref: Using Certificates
    • The administrator certificate template allows user authentication, EFS encryption, secure email, and certificate trust list signing.
  65. Smartcard User is a version __________ certificate template.
    a) 1
    b) 2
    c) 3
    d) 4
    • Ans: A
    • Difficulty: Medium
    • Section Ref: Using Certificates
    • Smartcard User is a version 1 certificate template.
  66. Which of the following steps is not part of the certificate enrollment process?
    a) generating keys
    b) requesting the certificate
    c) verifying the certificate
    d) sending or posting the certificate
    • Ans: C
    • Difficulty: Easy
    • Section Ref: Using Certificates
    • Although enrollment options might be restricted by network connectivity issues or by the use of a standalone CA, the certificate enrollment process always follows the same high-level procedure: generating keys, collecting required information, requesting the certificate, verifying the information, creating the certificate, and sending or posting the certificate.
  67. Users that connect to the network from offsite locations, such as travelers and telecommuters, cannot use Kerberos.
    True
  68. The use of PEAP is supported for remote access clients.
    False
  69. Enterprise CAs are not suitable for issuing certificates to clients outside the enterprise.
    True
  70. If you deliberately do not renew a CA’s certificate, all certificates that the now-expired CA has issued are no longer usable.
    True
  71. For VPN connections involving Windows XP clients, __________ is the preferred protocol.
    • Ans: L2TP/IPsec
    • Difficulty: Medium
    • Section Ref: Securing Remote Servers
  72. A root CA issues its own __________ certificate, which functions as the top of the certificate chain for all certificates issued by all CAs subordinate to the root.
    • Ans: self-signed
    • Difficulty: Medium
    • Section Ref: Using Certificates
  73. Administrators should renew a CA every __________ years to prevent the CA from publishing new certificates with lifetimes shorter than a year.
    • Ans: four, 4
    • Difficulty: Easy
    • Section Ref: Using Certificates
  74. To reduce the number of requests sent to a CA, clients typically __________ CRLs and use them until they expire.
    • Ans: cache
    • Difficulty: Medium
    • Section Ref: Using Certificates
  75. Only __________ CAs can issue certificates based on certificate templates; standalone CAs cannot.
    • Ans: enterprise
    • Difficulty: Medium
    • Section Ref: Using Certificates
  76. Certificate __________ is the process by which a client requests a certificate and a CA generates one.
    • Ans: enrollment
    • Difficulty: Easy
    • Section Ref: Using Certificates
  77. A(n) __________ module is a set of rules that the CA uses to determine whether it should approve the request, deny it, or mark it as pending for later review by an administrator.
    • Ans: policy
    • Difficulty: Hard
    • Section Ref: Using Certificates
  78. The CA uses a(n) __________ module to determine how it should make the new certificate available to the applicant.
    • Ans: exit
    • Difficulty: Easy
    • Section Ref: Using Certificates
  79. __________ CRLs are shorter lists of certificates that have been revoked since the last full CRL was published.
    • Ans: Delta
    • Difficulty: Hard
    • Section Ref: Using Certificates
  80. The data-link and network layers are two of the seven layers defined by which reference model?
    • Ans: Open System Interconnection, OSI
    • Difficulty: Easy
    • Section Ref: Securing Remote Access
  81. In what type of connection are the remote client and the remote access server both connected to the Internet using local service providers?
    • Ans: Virtual Private Network, VPN
    • Difficulty: Easy
    • Section Ref: Securing Remote Access
  82. When an organization has multiple remote access servers, it is possible to offload the authentication process to a centralized server running which protocol?
    • Ans: Remote Authentication Dial in User Service, RADIUS
    • Difficulty: Medium
    • Section Ref: Securing Remote Access
  83. A certificate has a specified lifetime, but what is the name of the process by which CAs can reduce a certificate lifetime?
    • Ans: certificate revocation
    • Difficulty: Easy
    • Section Ref: Using Certificates
  84. When installing an enterprise root CA, which option instructs the wizard to create a new private key for the CA?
    • Ans: Create a New Private Key
    • Difficulty: Medium
    • Section Ref: Using Certificates
  85. What enables clients who trust the root CA to also trust certificates issued by any other CAs subordinate to the root?
    • Ans: trust chaining
    • Difficulty: Easy
    • Section Ref: Using Certificates
  86. What is the term for sets of rules and settings that define the format and content of a certificate based on the certificate’s intended use?
    • Ans: certificate templates
    • Difficulty: Easy
    • Section Ref: Using Certificates
  87. What must you configure to specify how the certificates created with a certificate template can be used?
    • Ans: application policies
    • Difficulty: Easy
    • Section Ref: Using Certificates
  88. What occurs when the client and the server establish a Point-to-Point Protocol (PPP) connection?
    • Ans: The server authenticates the client, and the computers negotiate a set of communication parameters they have in common.
    • Difficulty: Easy
    • Section Ref: Securing Remote Access
  89. What factors can influence the lifetimes that an administrator chooses for certificates and keys?
    • Ans: Factors include the length of private keys for certificates, security of the CAs and their private keys, strength of the technology used for cryptographic operations, vulnerability of the CA certification chain, users of your certificates, and number of certificates that have been signed by a dedicated CA.
    • Difficulty: Medium
    • Section Ref: Using Certificates
  90. Some of the default templates supplied with Active Directory Certificate Services are version 2, which can only be used to issue certificates with a CA running which operating systems?
    • Ans: Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition, or Windows Server 2008
    • Difficulty: Hard
    • Section Ref: Using Certificates
  91. How do you create a duplicate template?
    • Ans: You can create a duplicate template by right-clicking a template and selecting Duplicate Template from the context menu.
    • Difficulty: Easy
    • Section Ref: Using Certificates
  92. What are the benefits of using certificate templates with multiple functions?
    • Ans: Using certificate templates with multiple functions is an excellent way to reduce the number of certificates that administrators have to create and manage so as to fill an organization’s needs.
    • Difficulty: Medium
    • Section Ref: Using Certificates
  93. What does autoenrollment enable users to do?
    • Ans: Autoenrollment enables organizations to automatically deploy certificates to both users and computers; enables administrators to centrally manage all aspects of the certificate life cycle including certificate enrollment, certificate renewal, and modification and superseding of certificates; and enables faster deployment of PKI applications such as smart card logon, EFS, SSL, and Signed Multipurpose Internet Mail Extensions (S/MIME), within an Active Directory environment by eliminating the need for interaction with the end user.
    • Difficulty: Easy
    • Section Ref: Using Certificates
  94. In which three locations are CRLs published by default?
    • Ans: The \\Servername\CertEnroll share; CN=CAName,CN=CAComputerName,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=ForestRootNameDN; http://servername/certenroll
    • Difficulty: Hard
    • Section Ref: Using Certificates
