Deck 11: Active Directory Certificate Services
1
Hash values are used to sign the CA certificate and certificates issued by the CA, as well as to verify that the original data hasn't been changed.
True
2
Which of the four CA roles can approve requests for certificate enrollment and revocation?
A) CA Administrator
B) Certificate Manager
C) Backup Operator
D) Auditor
B
3
CA Autoenrollment can only be enabled on enterprise CAs.
True
4
What answer below is the term used to describe a list of certificates revoked since the last base, or complete, CRL was published?
A) Delta CRL
B) Certificate revocation list
C) Incremental CRL
D) Partial CRL
5
If a certificate isn't configured for autoenrollment, a user may be able to request the certificate by using the Certificates snap-in, so long as they are accessing a standalone CA.
6
Which description best fits the CA Administrator role?
A) Approves requests for certificate enrollment and revocation
B) Manages auditing logs
C) Configures and maintains CA servers, and can assign all other CA roles and renew the CA certificate
D) Able to back up and restore files and directories
7
If a smart card no longer has any space to contain a new key, what can you enable to prevent a renewal failure?
A) "Clear previous smart card keys" option
B) "Reserve space on smart card for new keys" option
C) "Disable automatic smart card renewal unless adequate space is available for a new key" option
D) "For automatic renewal of smart card certificates, use the existing key if a new key cannot be created" option
8
Select the answer below that is not a service a public key infrastructure provides to a network:
A) Confidentiality
B) Integrity
C) Nonrepudiation
D) Secure tunneling
9
If a certificate has a validity period of 1 year and a renewal period of 1 month, when must a certificate that was issued on December 12th, 2009 be renewed?
A) Once every month throughout the validity period
B) Between November 12, 2010 and December 12, 2010
C) Between December 12, 2010 and January 12, 2011
D) Between December 12, 2010 and January 11
10
The Network Device Enrollment Service (NDES) allows network devices, such as routers and switches, to obtain certificates by using a special Cisco proprietary protocol known as...
A) Simple Certificate Enrollment Protocol (SCEP)
B) Special Device Certificate Protocol (SDCP)
C) Secured Network Device Protocol (SNDP)
D) Special Certificate Enrollment Protocol (SCEP)
11
What component of a PKI is held by a person or system and is unknown to anyone else?
A) Public key
B) Ciphertext
C) Secret key
D) Private key
12
Windows Server 2008 supports three versions of certificate templates. What version or versions of templates can be issued only from Windows Server 2008 enterprise CAs and can only be used on Windows Server 2008 and Vista clients?
A) Version 1
B) Version 2
C) Version 3
D) All of the above
13
When using HTTPS, after the web client finds that a CA is trusted and the signature on a certificate is verified, the web client sends additional parameters to the server that are encrypted with the server's...
A) Private key
B) Public key
C) Secret key
D) Ciphertext
14
What snap-in under Server Manager will provide a wizard-based backup utility that will allow you to back up the CA's certificate and private key, as well as the certificates issued by the CA?
A) Active Directory Certificate Backup Utility
B) Active Directory CA Backup and Restore
C) Active Directory Certificate Services
D) Active Directory Certificate Backup and Restore
15
Which of the following is not true in relation to enterprise CAs?
A) Must operate online
B) Certificates published in Active Directory
C) No certificate templates available
D) CA's certificate distributed to clients automatically
16
A user's employment was recently terminated due to suspicions of corporate espionage. As part of a security audit, you have been assigned to investigate any files related to the user that was terminated. Unfortunately, due to unknown circumstances, the user's profile was lost. However, you have found several files believed to have been created by the user, that have been encrypted via EFS. Because your environment runs on Windows Server 2008 Enterprise edition, you are counting upon automatic key archival to gain access to the encrypted files.
Once the certificate manager locates the key in the CA database, what kind of user must be contacted in order to decrypt the key?
A) A data recovery agent
B) A key recovery agent responsible for the key
C) An administrator with permissions to the encrypted file that is also a member of the Data Recovery Operators group
D) No user can accomplish this task; Microsoft support must be contacted and the key sent to a designated Microsoft Special Situations Auditor (MSSA) for decryption
17
If setting up a standalone certificate authority, Active Directory is required.
18
Which of the following answers is not an element contained in a certificate practice statement?
A) Identification of the CA
B) Types of certificates used
C) Configuration of Active Directory information
D) Certificate lifetimes
19
What must be done to allow a user to be able to access a file encrypted with EFS over a network connection?
A) Certificate autoenrollment must be configured
B) The user must be given the correct permissions
C) The user's SID must be exported to the remote machine
D) This cannot be accomplished
20
Before you can restore a CA database from a backup, the CA service must be stopped.
21
What is the Authority Information Access term used to describe?
A) A type of special permission that defines who can access a CA server
B) A list of administrative users that have authority over a CA
C) A configuration window in Active Directory Certificate Services used to configure what subnets are allowed to access the CA
D) A path configured on a CA server that specifies where to find the certificate for a CA
22
Certificate enrollment is...
A) The process of issuing a certificate to a client
B) The process of a certificate being created on a CA
C) The process of validating an external certificate from a trusted 3rd party to a local CA
D) The process of adding a certificate to an automated backup procedure
23
MATCHING
a. issuing CAs
b. root CA
c. intermediate CAs
d. hash algorithm
e. registration authority
f. public key infrastructure
g. key archival
h. Network Device Enrollment Service (NDES)
i. Certificate Practice Statement (CPS)
A CA that interacts with clients to field certificate requests and maintain the CRL
24
What is the certificate distribution point (CDP)?
A) A special CA replication-only topology to be used when CAs are updated
B) Identifies where the CRL for a CA can be retrieved; can include URLs for HTTP, FILE, FTP, and LDAP locations
C) A path that is configured on a CA server that specifies where to find the certificate for a CA
D) A list of the certificates revoked since the last base, or complete, CRL was published
25
MATCHING
a. issuing CAs
b. root CA
c. intermediate CAs
d. hash algorithm
e. registration authority
f. public key infrastructure
g. key archival
h. Network Device Enrollment Service (NDES)
i. Certificate Practice Statement (CPS)
A mathematical function that takes a string of data as input and produces a fixed-size value as output.
26
____________________ is data that has been unaltered; as used in cryptography, this term defines the state of information before it's encrypted or after it has been decrypted.
27
MATCHING
a. issuing CAs
b. root CA
c. intermediate CAs
d. hash algorithm
e. registration authority
f. public key infrastructure
g. key archival
h. Network Device Enrollment Service (NDES)
i. Certificate Practice Statement (CPS)
A server configured with the Web Enrollment role service
28
Web enrollment is the main method for accessing CA services on a ____________________ CA.
29
Under normal circumstances, a client must download a certificate revocation list in order to check a certificate's revocation status, unless the ____________________ role service is available.
30
MATCHING
a. issuing CAs
b. root CA
c. intermediate CAs
d. hash algorithm
e. registration authority
f. public key infrastructure
g. key archival
h. Network Device Enrollment Service (NDES)
i. Certificate Practice Statement (CPS)
A security system that binds a user's or device's identity to a cryptographic key that secures data transfer with encryption and ensures data authenticity with digital certificates
31
MATCHING
a. issuing CAs
b. root CA
c. intermediate CAs
d. hash algorithm
e. registration authority
f. public key infrastructure
g. key archival
h. Network Device Enrollment Service (NDES)
i. Certificate Practice Statement (CPS)
The first CA installed in a network.
32
One of the following is not an example of a well-known company that has universally trusted public CAs:
A) VeriSign
B) Comodo
C) GlobalSign
D) Secure4u
33
By setting up autoenrollment for EFS certificates, a user's EFS certificate is created...
A) When the user encrypts a file
B) After the user restarts his or her computer
C) The first time he or she logs on to the domain after autoenrollment is configured
D) After requesting the certificate within the Certificate snap-in
34
MATCHING
a. issuing CAs
b. root CA
c. intermediate CAs
d. hash algorithm
e. registration authority
f. public key infrastructure
g. key archival
h. Network Device Enrollment Service (NDES)
i. Certificate Practice Statement (CPS)
A service that allows network devices, such as routers and switches, to obtain certificates by using Simple Certificate Enrollment Protocol
35
A _________________________ is an entity that issues and manages digital certificates and associated public keys and is an integral part of PKI.
36
____________________ is an international standard that defines many aspects of a PKI, including certificate formats.
37
MATCHING
a. issuing CAs
b. root CA
c. intermediate CAs
d. hash algorithm
e. registration authority
f. public key infrastructure
g. key archival
h. Network Device Enrollment Service (NDES)
i. Certificate Practice Statement (CPS)
A method of backing up private keys and restoring them if users' private keys are lost
38
MATCHING
a. issuing CAs
b. root CA
c. intermediate CAs
d. hash algorithm
e. registration authority
f. public key infrastructure
g. key archival
h. Network Device Enrollment Service (NDES)
i. Certificate Practice Statement (CPS)
A document describing how a CA issues certificates containing the CA identity, security practices used to maintain CA integrity, types of certificates issued, renewal policy, and so forth.
39
MATCHING
a. issuing CAs
b. root CA
c. intermediate CAs
d. hash algorithm
e. registration authority
f. public key infrastructure
g. key archival
h. Network Device Enrollment Service (NDES)
i. Certificate Practice Statement (CPS)
A CA in a multilevel CA hierarchy that issues certificates to issuing CAs, which respond to user and device certificate requests.
40
An enterprise CA is...
A) Any Windows server with Active Directory Certificate Services role installed
B) A Windows Server 2003 Enterprise or Datacenter Edition server with Active Directory Certificate Services role installed
C) A Windows Server 2008 server with the Active Directory Certificate Services role installed
D) A Windows Server 2008 server with the Active Directory Enterprise Certificate Services role installed
41
This command-line program can be used to back up a CA.
42
This is a server that supports Online Certificate Status Protocol (OCSP).
43
This type of CA isn't connected to the network, which makes it less vulnerable to attacks.
44
What type of CA can publish the certificate revocation list to Active Directory automatically?
45
This is the name for the first CA installed in a network.
46
In encryption, this is a numeric value used by a cryptographic algorithm to change plaintext into ciphertext and ciphertext back to plaintext.
47
When configuring certificate templates, Windows Server 2003 Standard edition and Windows 2000 Server support only this version of templates.
48
What type of CA requires that the CA's certificate be distributed to clients manually?
49
Enter the term that best matches the description below:
A numeric string created by a cryptographic algorithm, called a hash, that's used to validate a message or document's authenticity.
50
This is an encryption / decryption process, used in a PKI system, that uses both a public key and a private key.