Information Technology Reference
In-Depth Information
agent can enroll. Have the designated enrollment agents use Web enrollment to enroll
departmental users in the smart card certificates.
c. Issue the designated department administrators an Enrollment Agent certificate.
Configure the CA server's properties to restrict enrollment agents. Publish the smart
card certificate template. Have the designated enrollment agents use Web enrollment to
enroll departmental users in the smart card certificates.
d. Configure Enrollment Agent Certificate templates with the list of users agents can enroll.
Issue the designated department administrators an Enrollment Agent certificate. Publish
the smart card certificate template. Have the designated enrollment agents use Web
enrollment to enroll departmental users in the smart card certificates.
20. Your company runs a commercial Web site that enables your business partners to purchase
products and manage their accounts. You want to increase the site's security by issuing cer-
tificates to business partners to augment logon security and protect data transmissions with
encryption. What should you install?
a.
An online enterprise CA
b.
An online standalone CA
c.
An offline root CA
d.
An intermediate CA
Case Projects
Case Project 11-1: Designing a PKI and CA Hierarchy
You're called in as a consultant to create a CA hierarchy for a company. The company has
three locations: one in the United States, one in South America, and one in Europe. Each
location has approximately 1000 users who need certificates. About 75% of the users in
each location are domain members running Windows XP and Vista. The others are run-
ning a non-Windows OS and aren't domain members. Some features of the PKI should
include the following:
• Web enrollment
• Autoenrollment
• Smart card enrollment, in which designated users can enroll other users
• EFS
• Automatic key archival
• Network device certificates
• Real-time query for certificate revocation status
Design the CA hierarchy, and label each CA according to its function and status (stand-
alone, enterprise, root, intermediate, issuing, online, offline). The design should include a
drawing showing the hierarchy as well as a detailed description, including how users and
clients interact with the systems you selected. In addition, list the role services that need to
be installed and the certificate template types that must be configured.
 
Search WWH ::




Custom Search