• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/39

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

39 Cards in this Set

  • Front
  • Back
Does public key infrastructure provide secure tunneling?
No
What component of a PKI is held by a person or system and is unknown to anyone else?
Private key
What is not an element contained in a certificate practice statement?
Configuration of active directory information
What snap-in under server manager will provide a wizard-based backup utility that will allow you to backup the CA's certificate and private key, as well as the certificates issued by the CA?
Active directory certificate services
Windows server 2008 supports three versions of certificate templates. What version or versions of templates can be issued only from windows server 2008 enterprise CAs and can only be used on windows server 2008 and Vista clients?
Version 3
What is the term used to descrive a list of certificates revoked since the last base, or complete, CRL was published?
Delta CRL
When using HTTPS, after the web client finds that a CA is trusted and the signature on a certificate is verified, the web client sends additional parameters to the server that are encrypted with the server's what?
Public key
Which description best fits the CA administrator role?
Configures and maintains CA servers and can assign all other CA roles and renew the CA certificate
What must be done to allow a user to be able to access a file encrypted with EFS over a network connection?
Certificate autoenrollment must be configured
Select the answer below that is not a service a public key infrastructure provides to a network
secure tunneling
The network devices enrollment services (NDES) allows network devices such as routers and switches, to obtain certificates by using a special Cisco proprietary protocol known as what?
SCEP (Simple certificate enrollment protocol)
What provides the services for creating a public key infrastructure (PKI) that administrators can use to issue and manage public key certificates?
Active directory certificate services
What is a security system that binds a user's or device's identity to a cryptographic key?
PKI (public key infrastructure)
What type of key is held by a person or system and is unknown to anyone else.
Private key
What type of key is owned by a person or system that's distributed to whoever wants to have a secure communication session with the key owner?
Public key
Which key is most often used to encrypt data?
Public key
Which key is most often used to decrypt data?
Private key
What describes an entity that issues and manages digital certificates and associated public keys and is an integral part of a PKI?
Certificate authority
What role would you assign to make a windows 2008 server a certification authority for a corporate network?
Active directory certificate services role
What are some companies that are universally trusted public CA's?
VeriSign
Comodo
GlobalSign
What term describes a server running Windows server 2008 with AD CS installed but has little active directory integration?
Standalone CA
What term describes a server running windows server 2008 with AD CS installed that has full active directory integration?
Enterprise CA
A network with non-Windows devices needs at least what?
1 standalone CA
What is a list of certificates that have been invalidated before their expiration date by the CA administrator?
Certificate revocation list (CRL)
What are some reasons why a certificate authority might revoke a certificate?
Private key has been compromised
Certificate no longer needed
What is a list of certificates that have been revoked since the last base, or complete CRL was published?
Delta-CRL
Using what kind of CRL can potentially reuce the amount of traffic created when downloading CRLs?
Delta-CRL
What describes a server that supports online certificate status protocol (OCSP)?
Online responder
What protocol is used with an online responder that provides an alternative to clients downloading CRLs periodically to check certificate status?
Online certificate status protocol (OCSP)
What is the first CA installed in a network called?
Root CA
Clients are configured to trust the root CA's certificate, and then implicitly trust the certificate of any CA that's subordinate to the root. T or F
T
When this type of enrollment is configured, users and devices don't have to make explicit certificate requests to be issued certificates.
Autoenrollment
What certificate template provides for backward compatibility for server 2003 and 2000
Version 1 templates
Can you modify, remove, or autoenroll a version 1 template?
No, except with server 2008 version 1 templates
Which template allows customization of most certificate settings and permits autoenrollment and is supported by server 2003 enteprise edition and later?
Version 2 templates
Which template provides advanced cryptographic functions, can be issued only from a 2008 enterprise server CA and can be only used on 2008 server and vista clients?
Version 3 templates
What is a document describing how a CA issues certificates?
Certificate practice statement (CPS)
A CPS is installed by creating a CAPolicy.inf file and placing it into the CA's what?
%systemroot% directory
Is a CPS a required component of a PKI?
No