Question 1

The ____ is used to request certificates on behalf of a user and provides a signature.&#10;A) enrollment agent&#10;C) enrollment standard&#10;B) certificate intermediary&#10;D) enrollment GUI

Accepted Answer

The enrollment agent is specifically responsible for requesting certificates on behalf of users and providing a signature to verify the authenticity of the request. The other options are not directly related to this function.

Question 2

The ____ is the first CA in the hierarchy.&#10;A) basis CA&#10;C) root CA&#10;B) original CA&#10;D) subordinate CA

Accepted Answer

The root CA is the first CA in the hierarchy and is the top-most level in a PKI structure. It is responsible for issuing digital certificates to subordinate CAs that are trusted by the root CA. The certificate chain begins with the root CA certificate and ends with the certificate of the user or device requesting access, allowing for secure communication and data transfer.

Question 3

Using ____, you can execute command-line commands from one server against a remote server.&#10;A) WinRS&#10;C) WinRM&#10;B) WinSAT&#10;D) WCEUtil

Accepted Answer

WinRM (Windows Remote Management) is a powerful tool that allows remote management of Windows machines using the WS-management protocol over HTTP/HTTPS. It helps IT Admins to remotely execute commands across multiple machines simultaneously, which saves significant time and allows them to focus on other tasks. It is a core feature of the Windows Management Framework (WMF) and is available for all modern Windows Server versions. The WinRM service should be running on both the local and remote machines, and the firewall rules should allow the connection between them. Once configured, it is an excellent tool for IT admins working with Windows Server environments.

Question 4

When a ____ key pair is used, one key encrypts the data and the other key decrypts the data.&#10;A) public/private&#10;C) symmetric&#10;B) private/private&#10;D) bilateral

Accepted Answer

Public/private key pairs are commonly used for encryption and decryption processes. One key (the public key) is used to encrypt the data, while the other key (the private key) is used to decrypt the data. This allows for secure communication and data transfer without the need for a shared secret key. The other options (B) private/private and (C) symmetric do not involve the use of separate public and private keys for encryption and decryption, and (D) bilateral is not a commonly used term in the context of cryptography.

Question 5

A CA can be a company such as VeriSign that issues certificates for use on the Internet, or it can be a software component, such as Microsoft's Certification Authority, that issues certificates.

Accepted Answer

This statement is correct. A Certificate Authority (CA) can be a company that issues certificates for use on the Internet, or it can be a software component that issues certificates. Examples include VeriSign, DigiCert, and Microsoft's Certification Authority.

Question 6

Once the CA is created, it can be used to issue certificates.

Accepted Answer

Once a CA is created, it has the ability to issue certificates for entities such as websites, servers, and users.

Question 7

The same public key can decrypt information encrypted with the public key.

Accepted Answer

The public key can only encrypt the information, but it cannot decrypt it. This is because the public key is meant to be shared with anyone who wants to send information securely to the owner of the public key. On the other hand, the private key is used to decrypt the information that was encrypted with the public key, and only the owner of the private key has access to it.

Question 8

The first time a user encrypts data using EFS, a ____ key pair is generated.&#10;A) private&#10;C) symmetric&#10;B) public/private&#10;D) bifurcated

Accepted Answer

When a user encrypts data using EFS for the first time, a public/private key pair is generated. The public key is used to encrypt the file, while the private key is required to decrypt it. This ensures that the file can only be accessed by the user who encrypted it, as they are the only ones with the private key.

Question 9

When a public and private key are used for encryption, the process is called ____.&#10;A) symmetric encryption&#10;C) bilateral encryption&#10;B) asymmetric encryption&#10;D) dual encryption

Accepted Answer

When a public and private key are used for encryption, it is known as asymmetric encryption. This is because two different keys are used for encryption and decryption, unlike symmetric encryption where the same key is used for encryption and decryption.

Question 10

____ involves the creation, issuing, managing, and revoking of certificates.&#10;A) Certificate threat management&#10;C) Public key management&#10;B) Certificate life cycle management&#10;D) Certificate Practice Policy

Accepted Answer

Certificate life cycle management involves all the processes related to the creation, issuance, management, and revocation of certificates. This includes managing the certificate request process, verifying identity, issuing certificates, managing certificate expiration dates, and revoking certificates when necessary. Certificate life cycle management is essential for maintaining the security and trust of a PKI environment.

Question 11

____ allows an administrator to configure certificates to be issued to clients without them having to request the certificates.&#10;A) Autoprovisioning&#10;B) Autoenrollment&#10;C) Autocertification&#10;D) Autoconfiguration

Accepted Answer

The answer of ____ allows an administrator to configure certificates...

Question 12

An established public CA will have a root certificate in the ____.&#10;A) Third-Party Certification Authorities store&#10;B) Personal store&#10;C) Trusted Certification Authorities store&#10;D) Trusted Root Certification Authorities store

Accepted Answer

The answer of An established public CA will have a...

Question 13

A ____ is approximately the size of a credit card, and includes a microprocessor and a user certificate.&#10;A) smart card&#10;C) trusted computing base&#10;B) token&#10;D) trusted computing module

Accepted Answer

The answer of A ____ is approximately the size of...

Question 14

Revoked certificates are published by the CA via a(n) ____ using an X.509 version 2 certificate.&#10;A) invalid certificates list (ICL)&#10;C) certificate practice statement (CPS)&#10;B) certificate revocation list (CRL)&#10;D) certificate life cycle list (CLCL)

Accepted Answer

The answer of Revoked certificates are published by the CA...

Question 15

The ____ can be added to a Microsoft Management Console (MMC) and used to request certificates from an enterprise CA.&#10;A) Public-key snap-in&#10;C) Encryption snap-in&#10;B) Computer Management snap-in&#10;D) Certificates snap-in

Accepted Answer

The answer of The ____ can be added to a...

Question 16

A ____ is used to issue and manage certificates.&#10;A) public key registry&#10;C) public key store&#10;B) public key cryptography&#10;D) public key infrastructure

Accepted Answer

The answer of A ____ is used to issue and...

Question 17

A PKI may appear complex on the surface but is actually rather simple.

Accepted Answer

The answer of A PKI may appear complex on the...

Question 18

After installing certificate services, the name of the computer and the domain settings cannot be changed, or AD CS will no longer function correctly.

Accepted Answer

The answer of After installing certificate services, the name of...

Question 19

A(n) ____ is a complete listing of all certificates revoked by the CA.&#10;A) new CRL&#10;C) alpha CRL&#10;B) delta CRL&#10;D) revocation CRL

Accepted Answer

The answer of A(n) ____ is a complete listing of...

Question 20

A ____ is a number created by performing a hashing algorithm on data.&#10;A) signature&#10;C) cipher&#10;B) key&#10;D) hash

Accepted Answer

The answer of A ____ is a number created by...

Question 21

Explain how you can view certificates in the Trusted Root Certification Authority.

Accepted Answer

The answer of Explain how you can view certificates in...

Question 22

A(n) ___________________ lists only the changes since the last CRL publication.

Accepted Answer

The answer of A(n) ___________________ lists only the changes since...

Question 23

Explain automatic certificate enrollment.

Accepted Answer

The answer of Explain automatic certificate enrollment....

Question 24

The Network Device Enrollment service uses a(n) ____ to accept the registration requests.&#10;A) certification authority&#10;C) enrollment authority&#10;B) registration authority&#10;D) requirements authority

Accepted Answer

The answer of The Network Device Enrollment service uses a(n)...

Question 25

A(n) ___________________ provides authentication, integrity, and non-repudiation.

Accepted Answer

The answer of A(n) ___________________ provides authentication, integrity, and non-repudiation....

Question 26

____ add advanced cryptographic settings to the certificate, and can be used with Windows Vista and later clients.&#10;A) V1 templates&#10;C) V3 templates&#10;B) V2 templates&#10;D) V4 templates

Accepted Answer

The answer of ____ add advanced cryptographic settings to the...

Question 27

AD CS publishes the full CRL once a ____ by default.&#10;A) day&#10;C) month&#10;B) week&#10;D) year

Accepted Answer

The answer of AD CS publishes the full CRL once...

Question 28

List two purposes for which certificates are used.

Accepted Answer

The answer of List two purposes for which certificates are...

Question 29

Users in the ___________________ role are granted the Issue and Manage Certificates permission and can approve certificate enrollment and revocation requests.

Accepted Answer

The answer of Users in the ___________________ role are granted...

Question 30

List the four steps required to complete the configuration of the online responder.

Accepted Answer

The answer of List the four steps required to complete...

Question 31

Users in the ___________________ role are granted Backup File and Directories and Restore File and Directories permissions.

Accepted Answer

The answer of Users in the ___________________ role are granted...

Question 32

One or more people in an organization can be designated as ________________________ agents for specific templates, and can then request certificates on behalf of users.

Accepted Answer

The answer of One or more people in an organization...

Question 33

Users in the ____ role are granted the Manage Auditing and Security Log permissions.&#10;A) Administrator&#10;C) Auditor&#10;B) Approver&#10;D) Validator

Accepted Answer

The answer of Users in the ____ role are granted...

Question 34

Explain how to deploy trusted root certificates via group policy.

Accepted Answer

The answer of Explain how to deploy trusted root certificates...

Question 35

AD CS publishes a delta CRL once a ____ by default.&#10;A) day&#10;C) month&#10;B) week&#10;D) year

Accepted Answer

The answer of AD CS publishes a delta CRL once...

Question 36

Explain how the online responder service is configured.

Accepted Answer

The answer of Explain how the online responder service is...

Question 37

You can use the ____ to view and manage all of the certificate stores used by the computer, users, or services on a computer.&#10;A) Policies MMC&#10;C) System MMC&#10;B) Computer Management MMC&#10;D) Certificates MMC

Accepted Answer

The answer of You can use the ____ to view...

Question 38

List and describe two permissions that can be granted to enterprise admins.

Accepted Answer

The answer of List and describe two permissions that can...

Question 39

List and describe two AD CS role services.

Accepted Answer

The answer of List and describe two AD CS role...

Question 40

Discuss how certificates issued to network devices can be used.

Accepted Answer

The answer of Discuss how certificates issued to network devices...

Question 41

Describe restricted enrollment agents.

Accepted Answer

The answer of Describe restricted enrollment agents....

Question 42

Match between columns&#10;                        Premises: The entity that issues the certificates&#10;The entity that issues the certificates&#10;The entity that issues the certificates&#10;The entity that issues the certificates&#10;The entity that issues the certificates&#10;The entity that issues the certificates&#10;The entity that issues the certificates&#10;The entity that issues the certificates&#10;The entity that issues the certificates&#10;Uses a single key (often referred to as a session key) to encrypt and decrypt the data&#10;Uses a single key (often referred to as a session key) to encrypt and decrypt the data&#10;Uses a single key (often referred to as a session key) to encrypt and decrypt the data&#10;Uses a single key (often referred to as a session key) to encrypt and decrypt the data&#10;Uses a single key (often referred to as a session key) to encrypt and decrypt the data&#10;Uses a single key (often referred to as a session key) to encrypt and decrypt the data&#10;Uses a single key (often referred to as a session key) to encrypt and decrypt the data&#10;Uses a single key (often referred to as a session key) to encrypt and decrypt the data&#10;Uses a single key (often referred to as a session key) to encrypt and decrypt the data&#10;If an enterprise has more than one CA, this MMC can be used to manage all of them&#10;If an enterprise has more than one CA, this MMC can be used to manage all of them&#10;If an enterprise has more than one CA, this MMC can be used to manage all of them&#10;If an enterprise has more than one CA, this MMC can be used to manage all of them&#10;If an enterprise has more than one CA, this MMC can be used to manage all of them&#10;If an enterprise has more than one CA, this MMC can be used to manage all of them&#10;If an enterprise has more than one CA, this MMC can be used to manage all of them&#10;If an enterprise has more than one CA, this MMC can be used to manage all of them&#10;If an enterprise has more than one CA, this MMC can be used to manage all of them&#10;This MMC is used to manage the online responders that provide the CRL to requestors to validate certificates&#10;This MMC is used to manage the online responders that provide the CRL to requestors to validate certificates&#10;This MMC is used to manage the online responders that provide the CRL to requestors to validate certificates&#10;This MMC is used to manage the online responders that provide the CRL to requestors to validate certificates&#10;This MMC is used to manage the online responders that provide the CRL to requestors to validate certificates&#10;This MMC is used to manage the online responders that provide the CRL to requestors to validate certificates&#10;This MMC is used to manage the online responders that provide the CRL to requestors to validate certificates&#10;This MMC is used to manage the online responders that provide the CRL to requestors to validate certificates&#10;This MMC is used to manage the online responders that provide the CRL to requestors to validate certificates&#10;Very secure, but also resource intensive, requiring a lot of processing power&#10;Very secure, but also resource intensive, requiring a lot of processing power&#10;Very secure, but also resource intensive, requiring a lot of processing power&#10;Very secure, but also resource intensive, requiring a lot of processing power&#10;Very secure, but also resource intensive, requiring a lot of processing power&#10;Very secure, but also resource intensive, requiring a lot of processing power&#10;Very secure, but also resource intensive, requiring a lot of processing power&#10;Very secure, but also resource intensive, requiring a lot of processing power&#10;Very secure, but also resource intensive, requiring a lot of processing power&#10;Used to issue certificates to network devices such as routers that do not have accounts in Active Directory&#10;Used to issue certificates to network devices such as routers that do not have accounts in Active Directory&#10;Used to issue certificates to network devices such as routers that do not have accounts in Active Directory&#10;Used to issue certificates to network devices such as routers that do not have accounts in Active Directory&#10;Used to issue certificates to network devices such as routers that do not have accounts in Active Directory&#10;Used to issue certificates to network devices such as routers that do not have accounts in Active Directory&#10;Used to issue certificates to network devices such as routers that do not have accounts in Active Directory&#10;Used to issue certificates to network devices such as routers that do not have accounts in Active Directory&#10;Used to issue certificates to network devices such as routers that do not have accounts in Active Directory&#10;Can be used by individual users to encrypt their data&#10;Can be used by individual users to encrypt their data&#10;Can be used by individual users to encrypt their data&#10;Can be used by individual users to encrypt their data&#10;Can be used by individual users to encrypt their data&#10;Can be used by individual users to encrypt their data&#10;Can be used by individual users to encrypt their data&#10;Can be used by individual users to encrypt their data&#10;Can be used by individual users to encrypt their data&#10;Includes all of the technologies needed to create, issue, manage, store, and revoke certificates&#10;Includes all of the technologies needed to create, issue, manage, store, and revoke certificates&#10;Includes all of the technologies needed to create, issue, manage, store, and revoke certificates&#10;Includes all of the technologies needed to create, issue, manage, store, and revoke certificates&#10;Includes all of the technologies needed to create, issue, manage, store, and revoke certificates&#10;Includes all of the technologies needed to create, issue, manage, store, and revoke certificates&#10;Includes all of the technologies needed to create, issue, manage, store, and revoke certificates&#10;Includes all of the technologies needed to create, issue, manage, store, and revoke certificates&#10;Includes all of the technologies needed to create, issue, manage, store, and revoke certificates&#10;Specifically designed to support automatic request and retrieval of certificates for network devices&#10;Specifically designed to support automatic request and retrieval of certificates for network devices&#10;Specifically designed to support automatic request and retrieval of certificates for network devices&#10;Specifically designed to support automatic request and retrieval of certificates for network devices&#10;Specifically designed to support automatic request and retrieval of certificates for network devices&#10;Specifically designed to support automatic request and retrieval of certificates for network devices&#10;Specifically designed to support automatic request and retrieval of certificates for network devices&#10;Specifically designed to support automatic request and retrieval of certificates for network devices&#10;Specifically designed to support automatic request and retrieval of certificates for network devices

Accepted Answer

The Answer of public key infrastructure and CA and asymmetric is...

Deck 6: Designing and Implementing a PKI