estion 1

10 out of 10 points
An organization can have one or more of these to distribute the load of issuing certificates in a geographically dispersed organization:

Answer Selected Answer:

Intermediate CA

Response Feedback:

In a hierarchical CA deployment, intermediate CAs receive certificates from a higher-level CA, such as a root CA.

Question 2
10 out of 10 points
Each server that functions as a CA must be configured with a(n):

Answer Selected Answer:

Revocation configuration

Response Feedback:

The revocation configuration provides information about certificates that have been revoked by a particular CA.

Question 3
0 out of 10 points
The following NAP component transmits information between the NAP Enforcement Clients and the System Health Agents:

Answer Selected Answer:

NAP Client

Question 4
0 out of 10 points
In order to authenticate using a smart card that has been configured for their use, a user

must have the following installed at their workstation:

Answer Selected Answer:

smart card enrollment station

Response Feedback:

Smart card authentication requires users to have a smart card reader installed on the relevant computer.

Question 5
10 out of 10 points
The Network Device Enrollment Service (NDES) uses the following protocol to enroll network devices for PKI certificates:

Answer Selected Answer:

Simple Certificate Enrollment Protocol

Response Feedback:

The Simple Certificate Enrollment Protocol allows devices, such as hubs and switches, to be enrolled for PKI certificates.

Question 6
10 out of 10 points
This provides a detailed explanation of how a particular Certification Authority manages certificates and keys

Answer Selected Answer:

Certificate Practice Statement

Response Feedback:

Each CPS should be based on an organizations written security policy.

Question 7
10 out of 10 points
A server that operates the NAP Enforcement Server components is referred to as a(n):

Answer Selected Answer:

enforcement point

Response Feedback:

Each NAP deployment requires at least one enforcement point to be configured.

Question 8
10 out of 10 points
The IPSec NAP Enforcement method relies on this type of PKI certificate to perform its enforcements:

Answer Selected Answer:

health certificate

Response Feedback:

NAP relies on health certificates to make determinations about whether a client should be allowed network access or not.

Question 9
0 out of 10 points
Statements of Health from each SHA are combined to create a:

Answer Selected Answer:

System Statement of Health Response

Response Feedback:

Each workstation running a NAP agent will provide a SSOH in order to allow the NAP servers to determine whether the client should be given access to the network.

Question 10
100 out of 100 points
Match description with terminology.

Answer Question
A(n) ________________________ is a CA that integrates with Active

Selected Match F.

Directory and allows for auto-enrollment of user and computer certificates through the use of Group Policy and certificate templates. The top-level CA in any PKI hierarchy is the ________________. One alternative to using public key cryptography is by using a(n) ________________________. Each PKI certificate consists of a public key that is widely known, and a(n) ________________ that is known only to the user or computer who holds the certificate. Users can request certificates via the web using the _______________________________ service.

enterprise CA

C.
root CA

E.
shared secret key

J.
private key

A.
Certification Authority Web Enrollment

A ___________________________ obtains PKI health certificates from client computers when the IPSec NAP enforcement method is used. The __________________________ method is the only NAP enforcement agent that can be deployed in the absence of an Active Directory domain. _____________________________________ provide continuous monitoring of system compliance on all NAP clients. The _______________________________ distributes Statement of Health information to the appropriate System Health Validators.

H.
Health Registration Authority (HRA)

I.
DHCP enforcement

D.
System Health Agents (SHAs)

B.
NAP administration server

Each System Health Agent provides a _______________________________ regarding its health status.

G.
Statement of Health (SOH)

Question 11
10 out of 10 points
Which component of Active Directory Certificate Services uses the Online Certificate Status Protocol to respond to client requests?

Answer

Selected Answer:
Online Responder

Response Feedback:

Online Responders should be used for situations in which a traditional Certificate Revocation List (CRL) cannot be deployed in a reasonable manner.

Wednesday, April 24, 2013 1:31:34 PM CDT