20 Cards in this Set
- Front
- Back
Abbrev : PKI
|
Public Key Infrastructure
|
|
Encryption of data over a network for secure communication ?
|
Secure communication of data over a network can be achieved by encrypting the data. You can encrypt the data before transmission by using a key and decipher it by using the same key after it reaches the desired location. You can ensure security of data by sharing the key only between trusted objects.
|
|
What is ciphertext ?
|
In Windows Server 2008, a Public Key Infrastructure (PKI) provides encryption and decryption of data by applying digital keys to the data to generate an encrypted form of data known as ciphertext.
|
|
What are public and private keys ?
|
A PKI uses two keys to encrypt and decrypt data – a public key and a private key. A public key can be made available to any user and can be used to encrypt data. However, only the user who has the private key can decrypt the data.
|
|
How are Public Keys Distributed ?
|
Digital certificates are used to distribute a public key.
|
|
Abbrev : CAs
|
certification authorities
|
|
Abbrev : AD CS
|
Active Directory Certificate Services
|
|
What are the two types of CAs ?
|
enterprise root CA or enterprise subordinate CA
stand-alone root CA or stand-alone subordinate CA |
|
What are Enterprise CAs ?
|
Enterprise CAs are integrated in Active Directory Domain Services (AD DS). These CAs use certificate templates, and publish their certificates and Certificate Revocation Lists (CRLs) to AD DS.
|
|
What are Standalone Root CAs?
|
Stand-alone CAs do not use certificate templates and do not require AD DS. These CAs do not respond to certificate enrollment requests automatically.
|
|
Which is the first role service that is to be installed in AD CS ?
|
A root CA is the first role service that is installed in AD CS.
|
|
How do you enroll for a certificate ?
|
To enroll for a certificate, a certificate request should be made by a user, computer, or service that has access to the private key associated with the public key.
|
|
How do you make a request for a certificate ?
|
You can make a request for a certificate through autoenrollment, the Certificate Request Wizard, or over the web.
|
|
What does a CA do ?
|
A CA evaluates certificate requests and issues certificates if the predefined conditions set for allocating certificates to requesters are fulfilled.
|
|
What is certificate enrollment ?
|
The allocation of a certificate to an entity or a user is known as certificate enrollment.
|
|
Abbrev : CSP ?
|
Cryptographic Service Provider
|
|
What happens when a CA receives an enrollment request ?
|
When a CA receives an enrollment request, the following actions take place:
* CA decrypts the digital signature in the certificate
* CA performs a hash on the request
* CA digitally signs the user's public key
* user distributes copies of its X.509 certificate
* entities authenticate the user's X.509 certificate. |
|
To configure autoenrollment in a domain, you first need to :
|
* configure the certificate template for autoenrollment
* specify the Group Policy settings |
|
The administrator can configure two default actions that a CA can take on receiving a certificate request:
|
# the certificate request can be automatically approved by the CA
# the CA administrator can review the request – which changes the status of the request to pending in the CA – and take appropriate actions |
|
What happens when a certificate is issued ?
|
When a certificate is issued, it is copied to FileName.cer, where FileName is the request ID of the certificate request. The file is copied to the CertEnroll folder on the CA. The CA administrator can configure the option for publishing certificates to the file system.
|