Information Technology Reference
In-Depth Information
12. Which of the following isn't a necessary step to configure autoenrollment?
a. Configure a KRA.
b. Configure a certificate template.
c. Configure a group policy.
d. Add the template to the CA.
13. You want to prevent tampering on your internetworking devices by issuing these devices cer-
tificates to run IPSec. What should you install?
a. Online responder
b. NDES role service
c. Intermediate CA
d. CDP
14. Which of the following steps is necessary to configure an online responder? (Choose all that
apply.)
a. Configure an OCSP Response Signing certificate template.
b. Enroll the OR with the OCSP Response Signing certificate.
c. Configure the OR enrollment agent.
d. Configure revocation for the OR.
15. Which role can renew the CA certificate?
a. CA Administrator
b. Certificate Manager
c. Backup Operator
d. Auditor
16. Your CA has issued several hundred certificates and private keys to several hundred users.
More than once, a user's private key has been lost or corrupted, resulting in lost data. You
want to make sure your users' private keys can be recovered if needed. What should you do?
17. You want to create a separate backup for the certificate store and make sure the backup
occurs every Friday at 11:00 p.m. How should you do this?
a. Use Windows Backup to schedule a CA database backup weekly on Fridays at 11:00 p.m.
b. Hire a technician to work Friday nights and instruct him on how to use the AD CS snap-
in to back up the certificate store.
c. Use Certutil and Windows Task Scheduler.
d. Use the AD CS snap-in to schedule the backup.
18. To reduce the amount of traffic generated when clients download the CRL, which of the fol-
lowing should you use?
a. AIA
b. Delta CRL
c. CDP
d. SCEP
19. You want to begin using smart cards for user logon. The number of enrollment stations you
have is limited, so you want department administrators to enroll only other users in their
departments in smart card certificates. How should you go about this?
a.
11
Issue the designated department administrators an Enrollment Agent certificate. Publish
the smart card certificate template. Have the designated enrollment agents use the
Certificates snap-in to enroll departmental users in the smart card certificates.
b.
Issue the designated department administrators an Enrollment Agent certificate.
Configure the smart card certificate templates with the list of users each enrollment
Search WWH ::
Custom Search