Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
46 Cards in this Set
- Front
- Back
In Windows 2000 Server, the certification authority is one of two types:_ and _.
|
enterprise
stand-alone. |
|
you must install an _ _ if you plan to issue certificates to users or computers inside a single Windows 2000 network
|
enterprise CA
|
|
An enterprise CA requires that all users and computers requesting certificates have an account in _ _.
|
Active Directory
|
|
You must install a _ CA if you plan to issue certificates to users or computers _ a single Windows 2000 network
|
stand-alone
outside |
|
A stand-alone CA does not require _ _
|
Active Directory
|
|
Enterprise Root CA: _-_ CA in cerification heirarchy. Signs its own _ _and requires _ _.
|
Top-level
CA certificate Active Directory. |
|
An enterprise root CA is the top-level CA in a certificate hierarchy. An enterprise root CA uses _ _to determine the _ of the requester and to
determine whether the requester has the _ _ to request a particular certificate type |
Active Directory
identity security permissions |
|
You should set up an
enterprise root CA if you will issue certificates only to _ and _ within your organization. |
users
computers |
|
Typically, the enterprise
root CA issues certificates only to _ _ |
subordinate CAs
|
|
Enterprise CA requires the following:
1) _ Server service 2) _ _ on the DNS, Active Directory, and _ servers. 3) _ Directory |
DNS
Administrative privileges CA Active |
|
To publish certificates in Active Directory, the server on which the CA is installed must be a member of the _ _ _
|
Cert Publishers group
|
|
An Enterprise Subordinate CA is able to issue _ within an organization. However, it is not the _ _ CA
|
certificates
most trusted |
|
An enterprise Subordinate must have a _ _
|
Parent CA
|
|
A stand-alone root CA the _-_ CA in a certificate _.
|
top-level
heirarchy |
|
A stand-alone root ca can operate _ or _ AD.
|
with
without |
|
A stand-alone root CA can be _ from the network.
|
disconnected
|
|
A stand-alone CA should be installed if you will issue certificates to entities _ _ _.
|
outside your organization
|
|
Typically a root CA issues certificates to _ CAs
|
subordinate
|
|
You must have _ _ on the local _ to install a stand-alone CA
|
local privileges
server |
|
A standalone subordinate CA acts as a _ _ server within a CA trust hierarchy.
|
solitary certificate
|
|
A subordinate stand-alone CA should be installed if you will issue _ to entities _ _ _.
|
certificates
outside your organization |
|
In order to insall a stand-alone subordinate CA you must have a _ CA and _ privileges on the _ _.
|
parent
administrative local server |
|
A computer cannot be _, or _ to or _ from a domain after Certificate Services is installed
|
renamed
joined removed |
|
To perform any of these actions, you first need to _ _ _from the computer.
|
remove Certificate Services
|
|
Advanced Options: CSP: Specifies a _-_ _service provider
|
third-party cryptographic
|
|
Advanced Options: CSP: The default is _ _ _ _v 1.0.
|
Microsoft Base Cryptographic Provider
|
|
Advanced Options: Hash Algorithm: The default is _.
|
SHA-1 (Secure Hash Algorithm 1).
|
|
Advanced Options: Key Length: The default key length is _ _ when using Microsoft Base Cryptographic Providers.
|
512 bit
|
|
Advanced Options: Key Length: For a root CA, you should use a key length of at least _ _. This setting is not available if you are using _ _.
|
2048 bits
existing keys. |
|
Advanced Options: Existing Keys: Select this option when you are _ or _ a previously installed CA. Also, select Use the _ _ to ensure that the CA has a certificate that is identical to the _ CA.
|
relocating
restoring associated certificate previous |
|
Identifying Information: CA Name: The name to identify the _ _that will be created in Active Directory.
|
CA object
|
|
Identifying Information: CA Name: Active Directory object names are limited to _ _ by the _standard
|
64 characters
Lightweight Directory Access Protocol (LDAP) |
|
Identifying Information: Country/Region: The _-_country/region code, as required by the _ Naming Scheme standard.
|
two-character
X.500 |
|
Identifying Information:Valid for The field can be set only for a _ _. The validity duration you choose for the CA determines when the _ _. Typically, a time period of _ _ is recommended.
|
root CA
CA expires two years |
|
By default, the certificates that a CA issues are stored in _
|
systemroot\System32\CertLog
|
|
You can also store configuration data in a shared folder. By default, the shared folder is _.
|
systemroot\CAConfig
|
|
You can also specify a _ _where the CA stores information about the CA and its root CA certificate.
|
shared folder
|
|
Create the shared folder if you want to allow users to retrieve information about the _ and the _ _ certificate from a shared folder instead of using a _ _ to retrieve this information.
|
CA
root CA Web browser |
|
If you specify a shared folder, Certificate Services shares the folder and assigns to it the name _.
|
CertConfig
|
|
Installation Components: A _for managing CAs on servers on which Certificate Services is _.
|
console
installed. |
|
You access Certification Authority through the _ _ menu
|
Administrative Tools
|
|
Installation Components: Certificates. A _ that you add to Microsoft Management Console (MMC) to manage _ _ for user accounts, computers, and services.
|
snap-in
existing certificates |
|
Installation Components: Certificate Services Web enrollment support. _ _ provided for users and administrators to request certificates. These Web pages are located at _, where server is the name of the server running Windows 2000 that hosts the CA.
|
Web pages
http://server/certsrv |
|
When backing up a server, the CA is backed up as part of the _ _
|
system state
|
|
It is also possible to back up and restore a CA by using _ _, but this method is intended for use only when you do not want to back up the _ _ on which the CA is installed.
|
Certification Authority
entire server |
|
Upon restoring a CA, the _ _ must also be restored if it has been damaged or lost. If a damaged or missing IIS metabase is not restored, IIS will _ _ _, and that will result in the _ of _ _to start.
|
IIS metabase
fail to start failure Certificate Services |