Академический Документы
Профессиональный Документы
Культура Документы
10 out of 10 points
An organization can have one or more of these to distribute the load of issuing certificates in a geographically dispersed organization:
Response Feedback:
In a hierarchical CA deployment, intermediate CAs receive certificates from a higher-level CA, such as a root CA.
Question 2
10 out of 10 points
Each server that functions as a CA must be configured with a(n):
Response Feedback:
The revocation configuration provides information about certificates that have been revoked by a particular CA.
Question 3
0 out of 10 points
The following NAP component transmits information between the NAP Enforcement Clients and the System Health Agents:
Question 4
0 out of 10 points
In order to authenticate using a smart card that has been configured for their use, a user
Response Feedback:
Smart card authentication requires users to have a smart card reader installed on the relevant computer.
Question 5
10 out of 10 points
The Network Device Enrollment Service (NDES) uses the following protocol to enroll network devices for PKI certificates:
Response Feedback:
The Simple Certificate Enrollment Protocol allows devices, such as hubs and switches, to be enrolled for PKI certificates.
Question 6
10 out of 10 points
This provides a detailed explanation of how a particular Certification Authority manages certificates and keys
Response Feedback:
Question 7
10 out of 10 points
A server that operates the NAP Enforcement Server components is referred to as a(n):
Response Feedback:
Question 8
10 out of 10 points
The IPSec NAP Enforcement method relies on this type of PKI certificate to perform its enforcements:
Response Feedback:
NAP relies on health certificates to make determinations about whether a client should be allowed network access or not.
Question 9
0 out of 10 points
Statements of Health from each SHA are combined to create a:
Response Feedback:
Each workstation running a NAP agent will provide a SSOH in order to allow the NAP servers to determine whether the client should be given access to the network.
Question 10
100 out of 100 points
Match description with terminology.
Answer Question
A(n) ________________________ is a CA that integrates with Active
Selected Match F.
Directory and allows for auto-enrollment of user and computer certificates through the use of Group Policy and certificate templates. The top-level CA in any PKI hierarchy is the ________________. One alternative to using public key cryptography is by using a(n) ________________________. Each PKI certificate consists of a public key that is widely known, and a(n) ________________ that is known only to the user or computer who holds the certificate. Users can request certificates via the web using the _______________________________ service.
enterprise CA
C.
root CA
E.
shared secret key
J.
private key
A.
Certification Authority Web Enrollment
A ___________________________ obtains PKI health certificates from client computers when the IPSec NAP enforcement method is used. The __________________________ method is the only NAP enforcement agent that can be deployed in the absence of an Active Directory domain. _____________________________________ provide continuous monitoring of system compliance on all NAP clients. The _______________________________ distributes Statement of Health information to the appropriate System Health Validators.
H.
Health Registration Authority (HRA)
I.
DHCP enforcement
D.
System Health Agents (SHAs)
B.
NAP administration server
Each System Health Agent provides a _______________________________ regarding its health status.
G.
Statement of Health (SOH)
Question 11
10 out of 10 points
Which component of Active Directory Certificate Services uses the Online Certificate Status Protocol to respond to client requests?
Answer
Selected Answer:
Online Responder
Response Feedback:
Online Responders should be used for situations in which a traditional Certificate Revocation List (CRL) cannot be deployed in a reasonable manner.