Self Test

1.  

NoMoreHackers Inc. is implementing a PKI implementation. You have been asked to work as a consultant to design the PKI blueprint for the company. You have met with the CIO and the senior management to gather the requirements. You are confident of creating a sophisticated PKI architecture for the company. What will be your first step in the process?

1. Determine the location of the CAs.

2. Design the root CA.

3. Determine which CA trust hierarchy we will use.

4. Design the head office CA first, and then proceed to the regional offices.

2.  

IronCladSecurity Ltd s organization structure has several components . The majority of IT needs of the enterprise are met by the IronCladSecurity staff. This includes manufacturing, accounting, and sales divisions of the company. They also subcontract to other IT companies to provide IT services. The proposed PKI security structure should support all these business activities. What do you recommend to implement at IronCladSecurity under Windows Server 2003?

1. Have one root CA and one intermediary CA.

2. Have one root CA for internal use and one intermediary for external use.

3. Have one root CA and two intermediaries for internal and external use.

4. Have two root CAs for internal and external use.

3.  

You are contemplating the hierarchy of the CA servers at IronCladSecurity. IronCladSecurity has 40 offices in the United States, Germany, and Singapore. They have both contractors and permanent employees working for them, and have multiple IT departments. However, there is no Active Directory implementation for the enterprise. IronCladSecurity prefers to have independent entries as subsidiaries. Therefore, they do not prefer to link the three IT systems to accommodate a global IT system. What trust hierarchies can IronCladSecurity support?

1. Geographical and network

2. Network and organizational structure

3. Geographical and organizational structure

4. Organizational structure and network

4.  

You are reviewing a previous PKI implementation of a company called NoMoreHackers. It has come to your attention that all of the CA servers are connected to the network. The root CA, intermediary, and issuing CAs are connected to the same domain. You believe this a severe security risk and have instructed the company to take the servers offline. What step will not assist you to make the CA servers offline?

1. Shut down the CA computer.

2. Shut down the CA service.

3. Shut down the CSP service.

4. Configure CA as a Windows Server 2003 stand-alone server that is not connected to the domain.

5.  

You are proposing a new PKI implementation for NoMoreHackers to replace the existing security structure. You have proposed a three- tier CA server structure with online and offline CAs to protect the CAs from intruders. You will have root CA, policy CAs, and issuing CAs in your implementation. Which CAs will be set as offline CAs?

1. Only the root CA; the issuing and policy CAs can be online.

2. The root CAs and policy CAs; the issuing CAs will be online.

3. Only the policy CAs; the root CA and issuing CAs can be online.

4. The policy and issuing CAs will be offline; the root CA will be online.

1.  

B

2.  

C

3.  

C

4.  

C

5.  

B

6.  

You are about to install a CA on Windows Server 2003. You have a choice of two machines. One is a single processor machine with 1GB of memory with an existing Windows Server 2003 on a FAT file system. The other system is a twin processor with 512MB of memory on an NTFS file system. Which one would you choose to host the CA?

1. Use the first CA with 1GB of memory. The CA needs a lot of memory.

2. Use the first option because of the FAT file system.

3. Use the second option because Windows Server 2003 works best on a single-server system.

4. Use the second system because of the NTFS system.

7.  

We are going through the wizards to install a CA on a Windows Server 2003 server. We have selected the type as a stand-alone root CA. We have also selected the MS Strong Cryptographic Provider as the CSP. Now we need to select a hashing algorithm for the private and public key pair. What is a Windows 2003 hashing algorithm that comes with default CA installation?

1. Asymmetric

2. .NET Crypto API

3. Triple DES

4. SHA-1

8.  

Our management has asked us to install a CA to issue certificates to the employees and the business partners of our company. We are contemplating either Windows 2000 Server or Windows Server 2003 as our CA implementation. You have read that there are several new features in the Windows Server 2003 CA architecture that support a better implementation for the company. What are the new features?

1. Certificate templates

2. Auto-enrollment and Active Directory support

3. Web enrollment support interface and Active Directory support

4. Auto-enrollment and Web enrollment support interface

9.  

You are been appointed as the new CA administrator of one of the subordinate CA servers. You will administer the CA through the MMC Certification Authority application. You are experimenting with the different functionalities of the CA console. What is not available to you modify in the CA MMC console?

1. Revoke certificates

2. Issue certificates from the pending queue

3. View certificate details

4. Change certificate s hash algorithm

10.  

Several of your company resources are behaving strangely. You have noticed that some of the printer queues were deleted using an administrator account. All of these printers are protected using the PKI certificates of the company. You suspect that someone has obtained the CA keys and is impersonating the administrator account to delete the print queue. How will you solve this puzzle?

1. Monitor the CA auditing logs and renew the CA keys.

2. Disable auditing to save space for larger new key pairs.

3. Monitor the CA auditing logs; however, stick with the old key pairs.

4. Disable auditing and generate a new public key; however, use the same private key.

6.  

D

7.  

D

8.  

D

9.  

D

10.  

A