click below
click below
Normal Size Small Size show me how
70-640
Active Directory Certification
Question | Answer |
---|---|
You are a domain administrator for a child domain in a multi domain Active Directory forest. Your company does not presently have a certification authority (CA) hierarchy implemented. You want to install a CA that will issue certificates for smart card | Have a member of the Enterprise Admins group install an enterprise root CA in your child domain and configure it to issue smart card certificates. |
You are the administrator of a small network with a single Active Directory domain. The information produced by your company is very valuable and could devastate your company’s business if leaked to competitors. You want to tighten network security by r | Install a standalone root CA. |
You are an administrator for a large corporation. Your department uses a single domain within the company’s multi-tree forest. Your department uses the entire building and is the only domain on the local subnet. You have a T3 connection to corporate hea | Implement an enterprise root CA. |
You are the administrator for a large company. You have a mix of Windows 2003 and 2008 servers throughout your organization and clients include Windows XP Professional and Windows Vista Business. You work in the engineering research department. Your com | Add an enterprise root CA to issue the EFS certificates. |
You are the manager for the westsim.com domain. You have previously installed Active Directory Certificate Services on a Windows Server 2008 server named CA1. CA1 is configured as an offline standalone root CA. You want to install Certificate Services o | Create a new private key. Save the request as a file. |
You are the manager for the westsim.com domain. You have previously installed Active Directory Certificate Services on a Windows Server 2008 server named CA1. CA1 is configured as an enterprise root CA. You want to install Certificate Services on a new | On CA2, generate a private key and submit a certificate request to CA1. Add the certificate from CA1 to the trusted root store on CA2. |
You are the manager for the westsim.com domain. You have previously installed Active Directory Certificate Services on a Windows Server 2008 server named CA1. CA1 is configured as an enterprise root CA. You install a new CA named CA2 as a subordinate st | Add the certificate from CA1 to the trusted root store on CA2. |
You are the manager for the westsim.com domain. You decide that you need to implement a Public Key Infrastructure (PKI) so that you can establish trust between your organization and various partner organizations. Prior to installing Active Directory Cer | Create a Certificate Practice Statement (CPS). |
You manage a network with a single domain named eastsim.com. You have a single server running Windows Server 2008 Enterprise edition. The server is not a member of the domain. You want to use this server to issue certificates using the autoenrollment fe | Join the computer to the domain. |
You are the administrator for the westsim.private network. The network has a single domain. The forest and domains are at Windows Server 2003 functional level. You want to configure certificates for EFS recovery agents. Certificate requests must be appr | Grant the EFS Agents group the Allow Issue and Manage Certificates permission to the CA. |
You manage Certificate Services for the widgets.com domain. You have just installed an enterprise root CA. You would like to archive the CA's private key. You plan on putting the private key on a USB drive, and then store the USB drive in a safe deposit | In the Certification Authority console, back up the CA. |
You manage Certificate Services for the westsim.com domain. Your CA hierarchy contains a single CA named CA1. You want to save the private keys for all certificates issued by the CA so that they can be restored if the private keys are destroyed. What | In the Certification Authority console, enable key archival on the CA. |
You manage Certificate Services for the westsim.com domain. Your CA hierarchy contains a single CA named CA1. You have configured key archival for all issued certificates and for the CA. Susan Wells calls to say that her hard disk crashed today, losin | On CA1, log on as a recovery agent. Restore her private key. Copy the private key to her new computer. |
You manage Certificate Services for the widgets.com domain. You have installed a single CA named CA1 as an offline, standalone root CA. You are getting ready to install a second CA in your hierarchy. You want to use this CA to issue certificates to user | Install the CA as an enterprise subordinate CA. On the CA properties, configure one or more recovery agents. |
You manage Certificate Services for the westsim.com domain. Your CA hierarchy contains a single CA named CA1. You configure a certificate template named EFSTemplate for EFS encryption. In the template, you designate that the certificate requests must be | Add EFSMgr as a certificate manager on CA1. |
You manage Certificate Services for the westsim.com domain. Your CA hierarchy contains a root CA named CA1 and several subordinate CAs. You have a staff of assistants, many of whom are allowed to manage the CAs. You decide that you want to keep track of | Configure auditing for specific events on each CA. Enable object access auditing in a GPO that applies to the CAs. |
You manage Certificate Services for the westsim.com domain. Your CA hierarchy contains a single CA named CA1. You have several certificate templates that are configured to require manager approval before they can be issued. On the CA, you have granted | Edit the CA properties. On the Certificate Managers tab, restrict management of the EFSTemplate certificate to the CertAdmins group. |
You have a Certification Authority installed on the CA1 server. You want to migrate the server to a new server with newer hardware. You have performed the necessary backup operations on CA1. You now need to perform the necessary steps to move the CA to | 1. Install Certificate Services. 2. Stop the CA service. 3. Restore the CA settings from the backup. 4. Restore the registry settings. 5. Start the CA service. 6. Reconfigure issued templates. The certificate templates are stored in Active Direc |
You are the security administrator for your Active Directory domain. Your domain controllers are running Windows 2008. An Enterprise root CA has been installed in your domain. Your company is using Exchange 2003 and Outlook 2003 for e-mail. You are prep | Issue a Key Recovery Agent certificate to a trusted administrator and configure the Enterprise CA for the archival of private keys. Have users export their Exchange User Certificate with private key to diskette by using the Certificates snap-in. Store |
You are the security administrator for your organization's Active Directory Forest. You have implemented a CA hierarchy using Windows 2008 Enterprise servers. You need to make sure that you can restore your CAs and their databases in the case of a serve | Perform a system state backup on the CA servers and secure the media. |
You are working as an administrator for a single Active Directory domain running in Windows Server 2003 functional level. The network consists of multiple domain controllers and member servers running Windows Server 2008. On one of the member servers, you | Add the group GG-EnrollmentAgent to the ACL of the certificate template and select Read and Enroll permission. |
You manage Certificate Services for the westsim.com domain. You have a single CA installed as an enterprise root CA that runs Windows Server 2008. You want to configure autoenrollment for computer certificates. When you edit the Computer certificate tem | Duplicate the Computer certificate. |
You manage Certificate Services for the westsim.com domain. You have a single CA installed as an enterprise root CA that runs Windows Server 2008. You want to allow users of the Research department to request certificates for EFS. You duplicate the Basi | On the CA, issue the certificate template. |
You manage Certificate Services for the westsim.com domain. You have a single CA installed as an enterprise root CA that runs Windows Server 2008. You duplicate the Basic EFS certificate template, and configure the CA to issue the certificate. You wan | Grant Read and Write permissions to the certificate template. |
You want to save the private keys issued for all certificates issued by the CA so that they can be restored if the private keys are destroyed. You want to allow members of the EFSAdmins group to recover the private keys if necessary. How do you configur | For the CA, enable key archival and add the certificates for the recovery agents. Duplicate the Recovery Agent certificate template, granting the Read and Enroll permissions to the EFSAdmins group. Have each user request a certificate using the new te |