by gunnar





Front Back
CAs can exist in a hierarchical structure consisting of a subordinate CA and one or more root CAs beneath the root.
False
The autoenrollment feature supported by Windows Server 2003 and later allows users and computers to automatically enroll for certificates based on one or more certificate templates, as well as using Group Policy settings in Active Directory.
True
A standalone CA is integrated with Active Directory.
False
The Network Device Enrollment Service (NDES) enables network devices to enroll for certificates within a Windows Server 2008 PKI using the Certificates MMC snap-in.
False
Certificate templates are used by a Certificate Authority to simplify the administration and issuance of digital certificates.
True
What enables network administrators and owners to configure access rights for users during the users’ entire lifecycle within an organization?
Identity Lifecycle Management
What role in ILM is to provide services for managing public key certificates that can be used by any security system that relies on a PKI for authentication or authorization?
Active Directory Certificate Services
What consists of a number of elements that allow two parties to communicate securely, without any previous communication, through the use of a mathematical algorithm called public key cryptography?
public key infrastructure
What is a secret piece of information that is shared between two parties prior to being able to communicate securely?
shared secret key
What is an entity that issues and manages digital certificates for use in a PKI, such as a Windows Server 2008 server running the AD CS server role?
Certificate Authority
What electronic piece of information proves the identity of the entity that has signed a particular document?
digital signature
What are small physical devices on which a digital certificate is installed that are usually the size of a credit card or keychain fob?
smart cards
What is used to request certificates on behalf of a user, computer, or service if self-enrollment is not practical or is otherwise an undesirable solution for reasons of security or auditing?
enrollment agents
What service allows devices, such as hardware-based routers and other network devices and appliances, to enroll for certificates within a Windows Server 2008 PKI that might not otherwise be able to do so?
Network Device Enrollment Service
What ACL specifically allows users or computers to be automatically issued certificates based on a template?
Autoenroll
What enables a user to manually create a certificate request file using the Certificates MMC snap-in?
Certificate Request Wizard
Users with what predefined security role are tasked with issuing and managing certificates, including approving certificate enrollment and revocation requests?
Certificate Manager
Which of the following are not able to be performed by those with the Auditor predefined security role?
define key recovery agents
What identifies certificates that have been revoked or terminated?
Certificate Revocation List
What is the process by which private keys are maintained by the CA for retrieval by a recovery agent?
key archival
What type of CA is not integrated with Active Directory and relies on administrator intervention to respond to certificate requests?
standalone CA
What type of CA can use certificate templates as well as Group Policy Objects to allow autoenrollment of digital certificates, as well as store digital certificates within the Active Directory database for easy retrieval by users and devices?
enterprise CA
What service responds to requests from clients concerning the revocation status of a particular certificate, returning a digitally signed response indicating the certificate’s current status?
Online Responder
What is at the top level of a CA hierarchy?
root CA
Public key __________ stores a piece of information called a public key for each user, computer, and service that is participating in a PKI.
cryptography
A Certificate __________ is an entity that issues and manages digital certificates for use in a PKI, such as a Windows Server 2008 server running the AD CS server role.
Authority
By using smart cards for authentication, you can implement __________ authentication; that is, you can base authentication on something that the user knows in combination with a physical token that the user possesses.
two-factor
__________ agents are used to request certificates on behalf of a user, computer, or service if self-enrollment is not practical or is otherwise an undesirable solution for reasons of security or auditing.
Enrollment
Most commercial CAs do not allow key archival; if a customer loses a private key and has not taken a backup, the user needs to __________ a new certificate.
purchase
A(n) __________ CA requires administrator intervention to respond to certificate requests.
standalone
Certificate __________ are used by a Certificate Authority to simplify the administration and issuance of digital certificates.
templates
__________ enrollment enables users to connect to a Windows Server 2008 CA through a Web browser to request certificates and obtain an up-to-date CRL.
Web
__________ is an extremely flexible command-line utility for administering Active Directory Certificate Services.
Certutil
CA __________ are responsible for the overall management of a CA, including the ability to delegate all other roles to additional users and groups.
Administrators
Who is tasked with issuing and managing certificates, including approving certificate enrollment and revocation requests?
Certificate Managers
The new Active Directory Certificate Services (AD CS) role in Windows Server 2008 is a component within what larger Microsoft strategy?
Identity Lifecycle Management
What is a secret piece of information that is shared between two parties prior to being able to communicate securely?
shared secret key
What is an entity that issues and manages digital certificates for use in a PKI, such as a Windows Server 2008 server running the AD CS server role?
Certificate Authority
What consists of a number of elements that allow two parties to communicate securely, without any previous communication, through the use of a mathematical algorithm called public key cryptography?
public key infrastructure
What feature enables users to request their own PKI certificates, typically through a Web browser?
self-enrollment
What is the process by which private keys are maintained by the CA for retrieval by a recovery agent?
key archival
What type of CA exists at the top of the hierarchical structure?
root CA
What is a PKI?
In brief, a public key infrastructure (PKI) consists of a number of elements that allow two parties to communicate securely, without any previous communication, through the use of a mathematical algorithm called public key cryptography.
What does a three-tier hierarchy of Certificate Authorities consist of?
A three-tier hierarchy is one in which a single root CA issues certificates to a number of intermediate CAs, allowing the intermediate CAs to issue certificates to users or computers.
What is two-factor authentication?
Two-factor authentication is one that bases authentication on something the user knows in combination with a physical token that the user possesses.
What is an Online Responder?
This service responds to requests from clients concerning the revocation status of a particular certificate, returning a digitally signed response indicating the certificate’s current status.
What is the difference between an enterprise CA and a standalone CA?
A standalone CA is not integrated with Active Directory and instead requires administrator intervention to respond to certificate requests. You can use a standalone CA as both a root and a subordinate CA in any PKI infrastructure. An enterprise CA integrates with an Active Directory domain. It can use certificate templates to allow autoenrollment of digital certificates, as well as store the certificates themselves within the Active Directory database. You can use an enterprise CA as both a root and a subordinate CA in any PKI infrastructure.
What five ACLs are available when configuring certificate templates?
Full Control, Read, Write, Enroll, and Autoenroll
What are the four predefined CA security roles?
CA Administrator, Certificate Managers, Backup Operators, Auditors