Chapter 22 - Understanding Certificates

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

5. You are the network administrator for an Active Directory forest named WillPanek.com. The forest contains a single domain. The domain contains a single Windows Server 2016 server named Server1. An administrator named John Smith plans to set up Server1 as a stand-alone certification authority (CA). You need John Smith to set up Server1 as a standalone CA. What group does John Smith need to be part of to configure Server1 as a standalone CA? A. Administrators group on Server1 B. Domain Admins group in WillPanek.com C. Cert Publishers group on Server1 D. Key Admins group in WillPanek.com

A. Administrators group on Server1

You are the network admin for your company. You need to see the list of templates set on the CA for issuance of certificates. What PowerShell command would you use? A. Get-CATemplate B. View-CATemplate C. Add-CATemplate D. New-CATemplate

A. Get-CATemplate

7. You have set up an enterprise root certification authority (CA) named Server1. Computers on the network have successfully enrolled and received certificates that will expire in one year. The certificates are based on a template named CA_Template1. You need to ensure that new certificates based on CA_Template1 are valid for three years. What should you do to make sure that they are valid for three years? A. Modify the Validity period for the certificate template. B. Instruct users to request certificates by running the certreq.exe command. C. Instruct users to request certificates by using the Certificates console. D. Modify the Validity period for the root CA certificate.

A. Modify the Validity period for the certificate template.

Channel Fishing Company wants to configure a CA server in the DMZ to issue certificates to remote users. How would you accomplish this? (Choose all that apply.) A. You should consider having the Certificate Enrollment Policy Web Server role included in the solution. B. You should consider having the online responder included in the solution. C. You should consider having the Network Device Enrollment Service included in the solution. D. You should consider having the web service included in the solution. E. You should consider having the Certificate Enrollment Web Service included in the solution. F. You should consider having the Web Enrollment service included in the solution.

A. You should consider having the Certificate Enrollment Policy Web Server role included in the solution. E. You should consider having the Certificate Enrollment Web Service included in the solution.

You are the network administrator for a large organization. You need to add a certificate template to the Certificate Authority. What PowerShell command would you use? A. Get-CSTemplate B. Add-CSTemplate C. Add-CATemplate D. New-Template

C. Add-CATemplate

You are the network administrator for WillPanek.com. You set up an enterprise certification authority (CA) named ServerCA1. You are planning to issue certificates based on the User certificate template. You need to make sure that the issued certificates are valid for two years and that they also support auto-enrollment. What should you do first? A. Run the certutil.exe command and specify the resubmit parameter. B. Duplicate the User certificate template. C. Add a new certificate template for CA1 to issue. D. Modify the Request Handling settings for the CA.

B. Duplicate the User certificate template.

ABC Industries wants configuration modifications of the Certification Authority role service to be logged. How would you implement this? (Choose all that apply.) A. You should consider enabling auditing of system events. B. You should consider enabling logging. C. You should consider enabling auditing of object access. D. You should consider enabling auditing of privilege use. E. You should consider enabling auditing of process tracking.

B. You should consider enabling logging. C. You should consider enabling auditing of object access.

The certificate revocation list (CRL) polling begins to consume bandwidth. What steps should you consider to reduce network traffic? A. You should consider implementing the Certificate Enrollment Policy Web Server role and Certificate Enrollment Web Services role. B. You should consider implementing an online responder. C. You should consider implementing an online issuing CA and a root CA. D. You should consider publishing more CRLs.

B. You should consider implementing an online responder.

You are the network administrator for a large company. You need to make sure that certificate clients check the CRLat least every 30 minutes to see whether a certificate has been revoked or not. Which of the following should you configure to accomplish this goal? A. Key recovery agent B. CRLpublication interval C. Delta CRLpublication interval D. Certificate templates.

C. Delta CRLpublication interval

You are the network admin for your company. You need to see all of the location sets for the CRLdistribution point (CDP). What PowerShell command would you use? A. View-CACrlDistributionPoint B. See-CACrlDistributionPoint C. Add-CACrlDistributionPoint D. Get-CACrlDistributionPoint

D. Get-CACrlDistributionPoint


Ensembles d'études connexes

APUSH period 3 CB Multiple choice

View Set

French School Subjects and School Supplies

View Set

Math Lesson 59 Subtracting Mixed Numbers with Renaming

View Set

ACCT 2220 - Chapter 3 Preview: Analysis of Cost, Volume & Pricing to Increase Profitability

View Set

Substance Abuse, Addiction, Alcohol

View Set

A Day No Pigs Would Die Chapters 1-2

View Set