Exam Objectives Frequently Asked Questions

Previous page
Table of content
Next page

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts. You will also  gain access to thousands of  other  FAQs at ITFAQnet.com.

1.  

How many root CAs can an enterprise have?

you can only have one root ca. this root ca will manage one or many other cas.

2.  

Can the root CAs issue certificates?

yes; however, it is not recommended. the root ca should be protected by the intermediary cas and should be disconnected from the network.

3.  

Are we only supposed to have two intermediary CAs? Can we have multiple CAs?

yes. the best practice is to have an internal and external intermediary ca (minimal requirement). you can design the pki architecture to have multiple cas for other purposes. (you might have a large client that accumulates 60 percent of your business. you can dedicate a special external ca just for this client.)

4.  

Can an enterprise PKI architecture exist without a root CA?

yes. a network trust hierarchy model does not have a root ca. however, a global directory (such as active directory) must be populated to find the other fellow cas of the enterprise.

5.  

Can we have certificate template in stand-alone CAs?

yes. certificate templates are available in both enterprise and stand-alone servers.

6.  

Do we need Active Directory support to create certificate templates in the organization?

yes. certificate templates will not be available if no active directory is present.

Answers

1.  

You can only have one root CA. This root CA will manage one or many other CAs.

2.  

Yes; however, it is not recommended. The root CA should be protected by the intermediary CAs and should be disconnected from the network.

3.  

Yes. The best practice is to have an internal and external intermediary CA (minimal requirement). You can design the PKI architecture to have multiple CAs for other purposes. (You might have a large client that accumulates 60 percent of your business. You can dedicate a special external CA just for this client.)

4.  

Yes. A network trust hierarchy model does not have a root CA. However, a global directory (such as Active Directory) must be populated to find the other fellow CAs of the enterprise.

5.  

Yes. Certificate templates are available in both enterprise and stand-alone servers.

6.  

Yes. Certificate templates will not be available if no Active Directory is present.



Previous page
Table of content
Next page
MCSE Designing Security for a Windows Server 2003 Network. Exam 70-298
MCSE Designing Security for a Windows Server 2003 Network: Exam 70-298
ISBN: 1932266550
EAN: 2147483647
Year: 2003
Pages: 122
Authors: Elias Khasner, Laura E. Hunter
BUY ON AMAZON
Beginning Cryptography with Java
Image Processing with LabVIEW and IMAQ Vision
A+ Fast Pass
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy