39 Cards in this Set
- Front
- Back
Does public key infrastructure provide secure tunneling?
|
No
|
|
What component of a PKI is held by a person or system and is unknown to anyone else?
|
Private key
|
|
What is not an element contained in a certificate practice statement?
|
Configuration of active directory information
|
|
What snap-in under Server Manager provides a wizard-based backup utility that allows you to back up the CA's certificate and private key, as well as the certificates issued by the CA?
|
Active directory certificate services
|
|
Windows Server 2008 supports three versions of certificate templates. What version or versions of templates can be issued only from Windows Server 2008 enterprise CAs and can only be used on Windows Server 2008 and Vista clients?
|
Version 3
|
|
What is the term used to describe a list of certificates revoked since the last base, or complete, CRL was published?
|
Delta CRL
|
|
When using HTTPS, after the web client finds that a CA is trusted and the signature on a certificate is verified, the web client sends additional parameters to the server that are encrypted with the server's what?
|
Public key
|
|
Which description best fits the CA administrator role?
|
Configures and maintains CA servers and can assign all other CA roles and renew the CA certificate
|
|
What must be done to allow a user to be able to access a file encrypted with EFS over a network connection?
|
Certificate autoenrollment must be configured
|
|
Select the answer below that is not a service a public key infrastructure provides to a network.
|
secure tunneling
|
|
The network devices enrollment services (NDES) allows network devices, such as routers and switches, to obtain certificates by using a special Cisco proprietary protocol known as what?
|
SCEP (Simple certificate enrollment protocol)
|
|
What provides the services for creating a public key infrastructure (PKI) that administrators can use to issue and manage public key certificates?
|
Active directory certificate services
|
|
What is a security system that binds a user's or device's identity to a cryptographic key?
|
PKI (public key infrastructure)
|
|
What type of key is held by a person or system and is unknown to anyone else?
|
Private key
|
|
What type of key is owned by a person or system that's distributed to whoever wants to have a secure communication session with the key owner?
|
Public key
|
|
Which key is most often used to encrypt data?
|
Public key
|
|
Which key is most often used to decrypt data?
|
Private key
|
|
What describes an entity that issues and manages digital certificates and associated public keys and is an integral part of a PKI?
|
Certificate authority
|
|
What role would you assign to make a Windows 2008 server a certification authority for a corporate network?
|
Active directory certificate services role
|
|
What are some companies that are universally trusted public CAs?
|
VeriSign
Comodo
GlobalSign |
|
What term describes a server running Windows Server 2008 with AD CS installed that has little Active Directory integration?
|
Standalone CA
|
|
What term describes a server running Windows Server 2008 with AD CS installed that has full Active Directory integration?
|
Enterprise CA
|
|
A network with non-Windows devices needs at least what?
|
1 standalone CA
|
|
What is a list of certificates that have been invalidated before their expiration date by the CA administrator?
|
Certificate revocation list (CRL)
|
|
What are some reasons why a certificate authority might revoke a certificate?
|
Private key has been compromised
Certificate no longer needed |
|
What is a list of certificates that have been revoked since the last base, or complete, CRL was published?
|
Delta-CRL
|
|
Using what kind of CRL can potentially reduce the amount of traffic created when downloading CRLs?
|
Delta-CRL
|
|
What describes a server that supports online certificate status protocol (OCSP)?
|
Online responder
|
|
What protocol is used with an online responder that provides an alternative to clients downloading CRLs periodically to check certificate status?
|
Online certificate status protocol (OCSP)
|
|
What is the first CA installed in a network called?
|
Root CA
|
|
Clients are configured to trust the root CA's certificate, and then implicitly trust the certificate of any CA that's subordinate to the root. T or F
|
T
|
|
When this type of enrollment is configured, users and devices don't have to make explicit certificate requests to be issued certificates.
|
Autoenrollment
|
|
What certificate template provides backward compatibility for Server 2003 and 2000?
|
Version 1 templates
|
|
Can you modify, remove, or autoenroll a version 1 template?
|
No, except with server 2008 version 1 templates
|
|
Which template allows customization of most certificate settings, permits autoenrollment, and is supported by Server 2003 Enterprise Edition and later?
|
Version 2 templates
|
|
Which template provides advanced cryptographic functions, can be issued only from a 2008 enterprise server CA, and can only be used on 2008 server and Vista clients?
|
Version 3 templates
|
|
What is a document describing how a CA issues certificates?
|
Certificate practice statement (CPS)
|
|
A CPS is installed by creating a CAPolicy.inf file and placing it into the CA's what?
|
%systemroot% directory
|
|
Is a CPS a required component of a PKI?
|
No
|