|< Day Day Up >|| |
In this exercise, you will read a scenario about a company’s communications privacy challenge, and then answer the questions that follow. The questions are intended to reinforce key information presented in this chapter. If you are unable to answer a question, review the lessons and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.
You are a systems administrator for Coho Vineyard. Your organization is planning to conduct a research project with Coho Winery, a partnering firm. This project will involve users in both organizations’ research departments. These users will exchange documents and information by means of e-mail messages. Much of this information is considered to be secret, so competitors must not be able to access the information. There are approximately 75 users working in the research department.
Coho Winery has expressed some concern about your ability to ensure that all users in its research department will be able to exchange secure e-mail messages with users in the Coho Vineyard research department. You must present Coho Winery with a plan that illustrates how you will address these concerns. Specifically, they want to know how you will meet the following requirements:
Users in the Coho Winery research department must be able to send secure e-mail messages.
Users who leave the Coho Winery research department must no longer be able to send secure e-mail messages.
Security requirements relating to e-mail might need to change from time to time.
How will you ensure that users in the Coho Winery research department can send secure e-mail messages?
Configure a standalone CA and instruct users to enroll for user certificates by using the Web enrollment tool.
Configure an enterprise CA and use a certificate template to automatically issue certificates that support S/MIME to the domain users group.
Configure an enterprise CA and use a certificate template to issue certificates that support EFS to the research group.
Configure a standalone CA and instruct users to perform advanced certificate requests by using the Web enrollment tool.
How will you ensure that when users leave the Coho Winery research department they are no longer able to send secure e-mail messages?
Configure a Group Policy setting to delete certificates from the local computer when they are revoked.
Create a group that has been denied the Read permission on the certificate template that the certificates were based on. Add users to this group when they leave the research department.
Place a copy of your certificate revocation list on a public Web server that is accessible by users in Coho Winery.
Provide Coho Winery with a copy of each certificate that belongs to a user who has left the research department. Instruct the administrator to place the certificates in the Untrusted Certificates store.
How will you reconfigure users in the Coho Winery research department when a new requirement for secure e-mail, such as a longer key, is introduced?
Create a new template with the new parameters. Configure the new template to supersede the old template.
Configure the existing template to contain the longer key length. Configure the template to re-enroll all certificate holders.
Create a second template with the new parameters. Deny research users the right to enroll for certificates based on the old template.
Revoke all certificates. Instruct users to enroll for new certificates based on a new template with the longer key length.
|< Day Day Up >|| |