Review

Previous page
Table of content
Next page

Answering the following questions will reinforce key information presented in this chapter. If you are unable to answer a question, review the appropriate lesson and then try the question again. Answers to the questions can be found in the appendix.

  1. A company has found that its offline root CA's hard disk has crashed. What must you include in the backup set to ensure that the root CA can be recovered?


  2. Assume that after the restoration of the previous backup, Certificate Services refused to start. What can you do to get Certificate Services running without having to redeploy the organization's PKI?


  3. The CRL publication interval for the CA that issues user certificates for authenticating with the Human Resources Web site is currently set to the default of seven days. The actual publication takes place every Sunday evening. On Tuesday morning, Amy Anderson was terminated from her position at the company and her user certificate was revoked immediately. When the administrator reset the password on Amy's account so that her supervisor could investigate Amy's My Documents folder, the supervisor found that she still could access the Human Resources Web site by authenticating with Amy's certificate. If the certificate was revoked, why is this happening?


  4. The permissions for the EnrollmentAgent certificate template are defined in the following manner:
    • Authenticated Users: Read, Enroll
    • Domain Admins: Full Control
    • Enterprise Admins: Read

    Are there any security weaknesses with the defined DACL for the EnrollmentAgent certificate template? What modifications should be made to give only members of the SmartCardDeployment group the ability to perform smart card enrollments?




  5. An organization has been approached as a consultant to design certificate mapping to allow secure access to a Web server located in the organization's DMZ. To prevent the internal network from being compromised, the Web server located in the DMZ isn't made a member of the domain. The Web server uses certificate-based authentication to ensure that only members of the IT infrastructure team can access the auditing Web pages. Where should the certificate mapping be defined—at the IIS server or in Active Directory?


  6. An organization has been approached as a consultant to design certificate mapping to allow secure access to a series of Web servers located on the organization's internal network. The Web servers use certificate-based authentication to ensure that only members of the IT infrastructure team can access the auditing Web pages. Where should the certificate mapping be defined—at the IIS servers or in Active Directory?


Answers


Previous page
Table of content
Next page
Microsoft Corporation - MCSE Training Kit (Exam 70-220. Designing Microsoft Windows 2000 Network Security)
MCSE Training Kit (Exam 70-220): Designing Microsoft Windows 2000 Network Security: Designing Microsoft(r) Windows(r) 2000 Network Security (IT-Training Kits)
ISBN: 0735611343
EAN: 2147483647
Year: 2001
Pages: 172
Authors: Microsoft Corporation
BUY ON AMAZON
The Complete Cisco VPN Configuration Guide
Java How to Program (6th Edition) (How to Program (Deitel))
Postfix: The Definitive Guide
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
.NET-A Complete Development Cycle
Java All-In-One Desk Reference For Dummies
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy