Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
35 Cards in this Set
- Front
- Back
A method of backing up private keys and restoring them if users' private keys are lost |
key archival |
|
A CA that interacts with clients to field certificate requests and maintain the CRL |
issuing CAs |
|
A mathematical function that takes a string of data as input and produces a fixed-size value as output. |
hash algorithm |
|
A security system that binds a user's or device's identity to a cryptographic key that secures data transfer with encryption and ensures data authenticity with digital certificates |
public key infrastructure |
|
A server configured with the Web Enrollment role service |
registration authority |
|
The first CA installed in a network. |
root CA |
|
A document describing how a CA issues certificates containing the CA identity, security practices used to maintain CA integrity, types of certificates issued, renewal policy, and so forth. |
Certificate Practice Statement (CPS) |
|
A service that allows network devices, such as routers and switches, to obtain certificates by using Simple Certificate Enrollment Protocol |
Network Device Enrollment Service (NDES) |
|
A CA in a multilevel CA hierarchy that issue certificates to issuing CAs, which respond to user and device certificate requests |
intermediate CAs |
|
intermediate CAs |
A Windows Server 2008 server with the Active Directory Certificate Services role installed |
|
A user's employment was recently terminated due to suspicions of corporate espionage. As part of a security audit, you have been assigned to investigate any files related to the user that was terminated. Unfortunately, due to unknown circumstances, the user's profile was lost. However, you have found several files believed to have been created by the user, that have been encrypted via EFS. Because your environment runs on Windows Server 2008 Enterprise edition, you are counting upon automatic key archival to gain access to the encrypted files.Once the certificate manager locates the key in the CA database, what kind of user must be contacted in order to decrypt the key? |
A key recovery agent responsible for the key |
|
By setting up autoenrollment for EFS certificates, a user's EFS certificate is created... |
The first time he or she logs on to the domain after autoenrollment is configured |
|
Certificate enrollment is... |
The process of issuing a certificate to a client |
|
If a certificate has a validity period of 1 year and a renewal period of 1 month, when must a certificate that was issued on December 12th, 2009 be renewed?
|
Between November 12, 2010 and December 12, 2010
|
|
If a smart card no longer has any space to contain a new key, what can you enable to prevent a renewal failure?
|
"For automatic renewal of smart card certificates, use the existing key if a new key cannot be created" option |
|
One of the following is not an example of a well known company that has universally trusted public CAs:
|
Secure4u
|
|
Select the answer below that is not a service a public key infrastructure provides to a network:
|
Secure tunneling
|
|
The Network Device Enrollment Service (NDES) allows network devices, such as routers and switches, to obtain certificates by using a special Cisco proprietary protocol known as...
|
Simple Certificate Enrollment Protocol (SCEP)
|
|
What answer below is the term used to describe a list of certificates revoked since the last base, or complete, CRL was published?
|
Delta CRL
|
|
What component of a PKI is held by a person or system and is unknown to anyone else?
|
Private key
|
|
What is the Authority Information Access term used to describe?
|
A path configured on a CA server that specifies where to find the certificate for a CA
|
|
What is the certificate distribution point (CDP)
|
Identifies where the CRL for a CA can be retrieved; can include URLS for HTTP, FILE, FTP, and LDAP locations
|
|
What must be done to allow a user to be able to access a file encrypted with EFS over a network connection?
|
Certificate autoenrollment must be configured
|
|
What snap-in under Server manager will provide a wizard-based backup utility that will allow you to backup the CA's certificate and private key, as well as the certificates issued by the CA?
|
. Active Directory Certificate Services
|
|
When using HTTPS, after the web client finds that a CA is trusted and the signature on a certificate is verified, the web client sends additional parameters to the server that are encrypted with the server's... |
Public key |
|
Which description best fits the CA Administrator role? |
Configures and maintains CA servers, and can assign all other CA roles and renew the CA certificate |
|
Which of the following answers is not an element contained in a certificate practice statement? |
Configuration of Active Directory information |
|
Which of the following is not true in relation to enterprise CAs? |
No certificate templates available |
|
Which of the four CA roles can approve requests for certificate enrollment and revocation? |
Certificate Manager |
|
Windows Server 2008 supports three versions of certificate templates. What version or versions of templates can be issued only from Windows Server 2008 enterprise CAs and can only be used on Windows Server 2008 and Vista clients?
|
Version 3 |
|
Before you can restore a CA database from a backup, the CA service must be stopped. |
True |
|
00CA Autoenrollment can only be enabled on enterprise CAs. |
True |
|
Hash values are used to sign the CA certificate and certificates issued by the CA, as well as to verify that the original data hasn't been changed. |
True |
|
If a certificate isn't configured for autoenrollment, a user may be able to request the certificate by using the Certificates snap-in, so long as they are accessing a standalone CA. |
False |
|
If setting up a standalone certificate authority, Active Directory is required |
False
|