Chapter 13

Card Set Information

Author:
saldex2
ID:
219710
Filename:
Chapter 13
Updated:
2013-05-14 23:31:13
Tags:
Configuring Active Directory Certificate Services

The flashcards below were created by user saldex2 on FreezingBlue Flashcards.


  1. What enables network administrators and owners to configure access rights for users during the users’ entire lifecycle within an organization?
    Identity Lifecycle Management
  2. What role in ILM is to provide services for managing public key certificates that can be used by any security system that relies on a PKI for authentication or authorization?
    Active Directory Certificate Services
  3. What consists of a number of elements that allow two parties to communicate securely, without any previous communication, through the use of a mathematical algorithm called public key cryptography?
    public key infrastructure
  4. What is a secret piece of information that is shared between two parties prior to being able to communicate securely?
    shared secret key
  5. What is an entity that issues and manages digital certificates for use in a PKI, such as a Windows Server 2008 server running the AD CS server role?
    Certificate Authority
  6. What electronic piece of information proves the identity of the entity that has signed a particular document?
    digital signature
  7. What are small physical devices on which a digital certificate is installed that are usually the size of a credit card or keychain fob?
    smart cards
  8. What is used to request certificates on behalf of a user, computer, or service if self-enrollment is not practical or is otherwise an undesirable solution for reasons of security or auditing?
    enrollment agents
  9. What service allows devices, such as hardware-based routers and other network devices and appliances, to enroll for certificates within a Windows Server 2008 PKI that might not otherwise be able to do so?
    Network Device Enrollment Service
  10. What ACL specifically allows users or computers to be automatically issued certificates based on a template?
    Autoenroll
  11. What enables a user to manually create a certificate request file using the Certificates MMC snap-in?
    Certificate Request Wizard
  12. Users with what predefined security role are tasked with issuing and managing certificates, including approving certificate enrollment and revocation requests?
    Certificate Manager
  13. Which of the following are not able to be performed by those with the Auditor predefined security role?
    define key recovery agents
  14. What identifies certificates that have been revoked or terminated?
    Certificate Revocation List
  15. What is the process by which private keys are maintained by the CA for retrieval by a recovery agent?
    key archival
  16. What type of CA is not integrated with Active Directory and relies on administrator intervention to respond to certificate requests?
    standalone CA
  17. What type of CA can use certificate templates as well as Group Policy Objects to allow autoenrollment of digital certificates, as well as store digital certificates within the Active Directory database for easy retrieval by users and devices?
    enterprise CA
  18. What service responds to requests from clients concerning the revocation status of a particular certificate, returning a digitally signed response indicating the certificate’s current status?
    Online Responder
  19. What is at the top level of a CA hierarchy?
    root CA
  20. CAs can exist in a hierarchical structure consisting of a subordinate CA and one or more root CAs beneath the root.
    False
  21. The autoenrollment feature supported by Windows Server 2003 and later allows users and computers to automatically enroll for certificates based on one or more certificate templates, as well as using Group Policy settings in Active Directory.
    True
  22. A standalone CA is integrated with Active Directory.
    False
  23. A standalone CA is integrated with Active Directory.
    False
  24. Certificate templates are used by a Certificate Authority to simplify the administration and issuance of digital certificates.
    True
  25. Public key __________ stores a piece of information called a public key for each user, computer, and service that is participating in a PKI.
    cryptography
  26. A Certificate __________ is an entity that issues and manages digital certificates for use in a PKI, such as a Windows Server 2008 server running the AD CS server role.
    Authority
  27. By using smart cards for authentication, you can implement __________ authentication; that is, you can base authentication on something that the user knows in combination with a physical token that the user possesses.
    two-factor
  28. __________ agents are used to request certificates on behalf of a user, computer, or service if self-enrollment is not practical or is otherwise an undesirable solution for reasons of security or auditing.
    Enrollment
  29. Most commercial CAs do not allow key archival; if a customer loses a private key and has not taken a backup, the user needs to __________ a new certificate.
    purchase
  30. A(n) __________ CA requires administrator intervention to respond to certificate requests.
    standalone
  31. Certificate __________ are used by a Certificate Authority to simplify the administration and issuance of digital certificates.
    templates
  32. __________ enrollment enables users to connect to a Windows Server 2008 CA through a Web browser to request certificates and obtain an up-to-date CRL.
    web
  33. __________ is an extremely flexible command-line utility for administering Active Directory Certificate Services.
    certutil
  34. CA __________ are responsible for the overall management of a CA, including the ability to delegate all other roles to additional users and groups.
    Administrators
  35. Who is tasked with issuing and managing certificates, including approving certificate enrollment and revocation requests?
    Certificate Managers
  36. The new Active Directory Certificate Services (AD CS) role in Windows Server 2008 is a component within what larger Microsoft strategy?
    Identity Lifecycle Management
  37. What is a secret piece of information that is shared between two parties prior to being able to communicate securely?
    shared secret key
  38. What is an entity that issues and manages digital certificates for use in a PKI, such as a Windows Server 2008 server running the AD CS server role?
    Certificate Authority
  39. What consists of a number of elements that allow two parties to communicate securely, without any previous communication, through the use of a mathematical algorithm called public key cryptography?
    public key infrastructure
  40. What feature enables users to request their own PKI certificates, typically through a Web browser?
    self-enrollment
  41. What is the process by which private keys are maintained by the CA for retrieval by a recovery agent?
    key archival
  42. What type of CA exists at the top of the hierarchical structure?
    root CA
  43. What is a PKI?
    In brief, a public key infrastructure (PKI) consists of a number of elements that allow two parties to communicate securely, without any previous communication, through the use of a mathematical algorithm called public key cryptography.
  44. What does a three-tier hierarchy of Certificate Authorities consist of?
    A three-tier hierarchy is one in which a single root CA issues certificates to a number of intermediate CAs, allowing the intermediate CAs to issue certificates to users or computers.
  45. What is two-factor authentication?
    Two-factor authentication is one that bases authentication on something the user knows in combination with a physical token that the user possesses.
  46. What is an Online Responder?
    This service responds to requests from clients concerning the revocation status of a particular certificate, returning a digitally signed response indicating the certificate’s current status.
  47. What is the difference between an enterprise CA and a standalone CA?
    A standalone CA is not integrated with Active Directory and instead requires administrator intervention to respond to certificate requests. You can use a standalone CA as both a root and a subordinate CA in any PKI infrastructure. An enterprise CA integrates with an Active Directory domain. It can use certificate templates to allow autoenrollment of digital certificates, as well as store the certificates themselves within the Active Directory database. You can use an enterprise CA as both a root and a subordinate CA in any PKI infrastructure.
  48. What five ACLs are available when configuring certificate templates?
    Full Control, Read, Write, Enroll, and Autoenroll
  49. What are the four predefined CA security roles?
    CA Administrator, Certificate Managers, Backup Operators, Auditors
