Ka10
description
Transcript of Ka10
estion 1
10 out of 10 points
An organization can have one or more of these to distribute the load of issuing certificates in a geographically dispersed organization:
Answer
Selected Answer:Intermediate CA
Response Feedback:
In a hierarchical CA deployment, intermediate CAs receive certificates from a higher-level CA, such as a root CA.
Question 2
10 out of 10 points
Each server that functions as a CA must be configured with a(n):
Answer
Selected Answer:Revocation configuration
Response Feedback:
The revocation configuration provides information about certificates that have been revoked by a particular CA.
Question 3
0 out of 10 points
The following NAP component transmits information between the NAP Enforcement Clients and the System Health Agents:
Answer
Selected Answer:NAP Client
Question 4
0 out of 10 points
In order to authenticate using a smart card that has been configured for their use, a user must have the following installed at their workstation:
Answer
Selected Answer:smart card enrollment station
Response Feedback:
Smart card authentication requires users to have a smart card reader installed on the relevant computer.
Question 5
10 out of 10 points
The Network Device Enrollment Service (NDES) uses the following protocol to enroll network devices for PKI certificates:
Answer
Selected Answer:Simple Certificate Enrollment Protocol
Response Feedback:
The Simple Certificate Enrollment Protocol allows devices, such as hubs and switches, to be enrolled for PKI certificates.
Question 6
10 out of 10 points
This provides a detailed explanation of how a particular Certification Authority manages certificates and keys
Answer
Selected Answer:
Certificate Practice Statement
Response Feedback:
Each CPS should be based on an organization’s written security policy.
Question 7
10 out of 10 points
A server that operates the NAP Enforcement Server components is referred to as a(n):
Answer
Selected Answer:enforcement point
Response Feedback:
Each NAP deployment requires at least one enforcement point to be configured.
Question 8
10 out of 10 points
The IPSec NAP Enforcement method relies on this type of PKI certificate to perform its enforcements:
Answer
Selected Answer:health certificate
Response Feedback:
NAP relies on health certificates to make determinations about whether a client should be allowed network access or not.
Question 9
0 out of 10 points
Statements of Health from each SHA are combined to create a:Answer
Selected Answer:System Statement of Health Response
Response Feedback:
Each workstation running a NAP agent will provide a SSOH in order to allow the NAP servers to determine whether the client should be given access to the network.
Question 10
100 out of 100 points
Match description with terminology.
Answer
Question Selected Match
A(n) ________________________ is a CA that integrates with Active Directory and allows for auto-enrollment of user and computer certificates through the use of Group Policy and certificate templates.
F.
enterprise CA
The top-level CA in any PKI hierarchy is the ________________. C.root CA
One alternative to using public key cryptography is by using a(n) ________________________.
E.shared secret key
Each PKI certificate consists of a public key that is widely known, and a(n) ________________ that is known only to the user or computer who holds the certificate.
J.private key
Users can request certificates via the web using the _______________________________ service.
A.Certification Authority Web Enrollment
A ___________________________ obtains PKI health certificates from client computers when the IPSec NAP enforcement method is used.
H.Health Registration Authority (HRA)
The __________________________ method is the only NAP enforcement agent that can be deployed in the absence of an Active Directory domain.
I.DHCP enforcement
_____________________________________ provide continuous monitoring of system compliance on all NAP clients.
D.System Health Agents (SHAs)
The _______________________________ distributes Statement of Health information to the appropriate System Health Validators.
B.NAP administration server
Each System Health Agent provides a _______________________________ regarding its health status.
G.Statement of Health (SOH)
Question 11
10 out of 10 points
Which component of Active Directory Certificate Services uses the Online Certificate Status Protocol to respond to client requests?
Answer
Selected Answer:
Online Responder
Response Feedback:
Online Responders should be used for situations in which a traditional Certificate Revocation List (CRL) cannot be deployed in a reasonable manner.
Wednesday, April 24, 2013 1:31:34 PM CDT