تكلم مع الذكاء الاصطناعي
Deck 11: Active Directory Certificate Services
ملء الشاشة (f)
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
فتح الحزمة
قم بالتسجيل لفتح البطاقات في هذه المجموعة!
Unlock Deck
Unlock Deck
1/50
العب
ملء الشاشة (f)
Deck 11: Active Directory Certificate Services
1
Hash values are used to sign the CA certificate and certificates issued by the CA,as well as to verify that the original data hasn't been changed.
True
2
Which of the four CA roles can approve requests for certificate enrollment and revocation?
A)CA Administrator
B)Certificate Manager
C)Backup Operator
D)Auditor
A)CA Administrator
B)Certificate Manager
C)Backup Operator
D)Auditor
B
3
CA Autoenrollment can only be enabled on enterprise CAs.
True
4
What answer below is the term used to describe a list of certificates revoked since the last base,or complete,CRL was published?
A)Delta CRL
B)Certificate revocation list
C)Incremental CRL
D)Partial CRL
A)Delta CRL
B)Certificate revocation list
C)Incremental CRL
D)Partial CRL
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
5
If a certificate isn't configured for autoenrollment,a user may be able to request the certificate by using the Certificates snap-in,so long as they are accessing a standalone CA.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
6
Which description best fits the CA Administrator role?
A)Approves requests for certificate enrollment and revocation
B)Manages auditing logs
C)Configures and maintains CA servers,and can assign all other CA roles and renew the CA certificate
D)Able to back up and restore files and directories
A)Approves requests for certificate enrollment and revocation
B)Manages auditing logs
C)Configures and maintains CA servers,and can assign all other CA roles and renew the CA certificate
D)Able to back up and restore files and directories
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
7
If a smart card no longer has any space to contain a new key,what can you enable to prevent a renewal failure?
A)"Clear previous smart card keys" option
B)"Reserve space on smart card for new keys" option
C)"Disable automatic smart card renewal unless adequate space is available for a new key" option
D)"For automatic renewal of smart card certificates,use the existing key if a new key cannot be created" option
A)"Clear previous smart card keys" option
B)"Reserve space on smart card for new keys" option
C)"Disable automatic smart card renewal unless adequate space is available for a new key" option
D)"For automatic renewal of smart card certificates,use the existing key if a new key cannot be created" option
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
8
Select the answer below that is not a service a public key infrastructure provides to a network:
A)Confidentiality
B)Integrity
C)Nonrepudiation
D)Secure tunneling
A)Confidentiality
B)Integrity
C)Nonrepudiation
D)Secure tunneling
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
9
If a certificate has a validity period of 1 year and a renewal period of 1 month,when must a certificate that was issued on December 12th,2009 be renewed?
A)Once every month throughout the validity period
B)Between November 12,2010 and December 12,2010
C)Between December 12,2010 and January 12,2011
D)Between December 12,2010 and January 11
A)Once every month throughout the validity period
B)Between November 12,2010 and December 12,2010
C)Between December 12,2010 and January 12,2011
D)Between December 12,2010 and January 11
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
10
The Network Device Enrollment Service (NDES)allows network devices,such as routers and switches,to obtain certificates by using a special Cisco proprietary protocol known as...
A)Simple Certificate Enrollment Protocol (SCEP)
B)Special Device Certificate Protocol (SDCP)
C)Secured Network Device Protocol (SNDP)
D)Special Certificate Enrollment Protocol (SCEP)
A)Simple Certificate Enrollment Protocol (SCEP)
B)Special Device Certificate Protocol (SDCP)
C)Secured Network Device Protocol (SNDP)
D)Special Certificate Enrollment Protocol (SCEP)
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
11
What component of a PKI is held by a person or system and is unknown to anyone else?
A)Public key
B)Ciphertext
C)Secret key
D)Private key
A)Public key
B)Ciphertext
C)Secret key
D)Private key
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
12
Windows Server 2008 supports three versions of certificate templates.What version or versions of templates can be issued only from Windows Server 2008 enterprise CAs and can only be used on Windows Server 2008 and Vista clients?
A)Version 1
B)Version 2
C)Version 3
D)All of the above
A)Version 1
B)Version 2
C)Version 3
D)All of the above
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
13
When using HTTPS,after the web client finds that a CA is trusted and the signature on a certificate is verified,the web client sends additional parameters to the server that are encrypted with the server's....
A)Private key
B)Public key
C)Secret key
D)Ciphertext
A)Private key
B)Public key
C)Secret key
D)Ciphertext
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
14
What snap-in under Server manager will provide a wizard-based backup utility that will allow you to backup the CA's certificate and private key,as well as the certificates issued by the CA?
A)Active Directory Certificate Backup Utility
B)Active Directory CA Backup and Restore
C)Active Directory Certificate Services
D)Active Directory Certificate Backup and Restore
A)Active Directory Certificate Backup Utility
B)Active Directory CA Backup and Restore
C)Active Directory Certificate Services
D)Active Directory Certificate Backup and Restore
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
15
Which of the following is not true in relation to enterprise CAs?
A)Must operate online
B)Certificates published in Active Directory
C)No certificate templates available
D)CA's certificate distributed to clients automatically
A)Must operate online
B)Certificates published in Active Directory
C)No certificate templates available
D)CA's certificate distributed to clients automatically
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
16
A user's employment was recently terminated due to suspicions of corporate espionage.As part of a security audit,you have been assigned to investigate any files related to the user that was terminated.Unfortunately,due to unknown circumstances,the user's profile was lost.However,you have found several files believed to have been created by the user,that have been encrypted via EFS.Because your environment runs on Windows Server 2008 Enterprise edition,you are counting upon automatic key archival to gain access to the encrypted files.
Once the certificate manager locates the key in the CA database,what kind of user must be contacted in order to decrypt the key?
A)A data recovery agent
B)A key recovery agent responsible for the key
C)An administrator with permissions to the encrypted file that is also a member of the Data Recovery Operators group
D)No user can accomplish this task;Microsoft support must be contacted and the key sent to a designated Microsoft Special Situations Auditor (MSSA)for decryption
Once the certificate manager locates the key in the CA database,what kind of user must be contacted in order to decrypt the key?
A)A data recovery agent
B)A key recovery agent responsible for the key
C)An administrator with permissions to the encrypted file that is also a member of the Data Recovery Operators group
D)No user can accomplish this task;Microsoft support must be contacted and the key sent to a designated Microsoft Special Situations Auditor (MSSA)for decryption
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
17
If setting up a standalone certificate authority,Active Directory is required.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
18
Which of the following answers is not an element contained in a certificate practice statement?
A)Identification of the CA
B)Types of certificates used
C)Configuration of Active Directory information
D)Certificate lifetimes
A)Identification of the CA
B)Types of certificates used
C)Configuration of Active Directory information
D)Certificate lifetimes
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
19
What must be done to allow a user to be able to access a file encrypted with EFS over a network connection?
A)Certificate autoenrollment must be configured
B)The user must be given the correct permissions
C)The user's SID must be exported to the remote machine
D)This can not be accomplished
A)Certificate autoenrollment must be configured
B)The user must be given the correct permissions
C)The user's SID must be exported to the remote machine
D)This can not be accomplished
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
20
Before you can restore a CA database from a backup,the CA service must be stopped.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
21
What is the Authority Information Access term used to describe?
A)A type of special permission that defines who can access a CA server
B)A list of administrative users that have authority over a CA
C)A configuration window in Active Directory Certificate Services used to configure what subnets are allowed to access the CA
D)A path configured on a CA server that specifies where to find the certificate for a CA
A)A type of special permission that defines who can access a CA server
B)A list of administrative users that have authority over a CA
C)A configuration window in Active Directory Certificate Services used to configure what subnets are allowed to access the CA
D)A path configured on a CA server that specifies where to find the certificate for a CA
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
22
Certificate enrollment is...
A)The process of issuing a certificate to a client
B)The process of a certificate being created on a CA
C)The process of validating an external certificate from a trusted 3rd party to a local CA
D)The process of adding a certificate to an automated backup procedure
A)The process of issuing a certificate to a client
B)The process of a certificate being created on a CA
C)The process of validating an external certificate from a trusted 3rd party to a local CA
D)The process of adding a certificate to an automated backup procedure
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
23
MATCHING
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A CA that interacts with clients to field certificate requests and maintain the CRL
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A CA that interacts with clients to field certificate requests and maintain the CRL
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
24
What is the certificate distribution point (CDP)?
A)A special CA replication only topology to be used when CAs are updated
B)Identifies where the CRL for a CA can be retrieved;can include URLS for HTTP,FILE,FTP,and LDAP locations
C)A path that is configured on a CA server that specifies where to find the certificate for a CA
D)A list of the certificates revoked since the last base,or complete,CRL was published
A)A special CA replication only topology to be used when CAs are updated
B)Identifies where the CRL for a CA can be retrieved;can include URLS for HTTP,FILE,FTP,and LDAP locations
C)A path that is configured on a CA server that specifies where to find the certificate for a CA
D)A list of the certificates revoked since the last base,or complete,CRL was published
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
25
MATCHING
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A mathematical function that takes a string of data as input and produces a fixed-size value as output.
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A mathematical function that takes a string of data as input and produces a fixed-size value as output.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
26
____________________ is data that has been unaltered;as used in cryptography,this term defines the state of information before it's encrypted or after it has been decrypted.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
27
MATCHING
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A server configured with the Web Enrollment role service
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A server configured with the Web Enrollment role service
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
28
Web enrollment is the main method for accessing CA services on a ____________________ CA.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
29
Under normal circumstances,a client must download a certificate revocation list in order to check a certificate's revocation status,unless the ____________________ role service is available.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
30
MATCHING
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A security system that binds a user's or device's identity to a cryptographic key that secures data transfer with encryption and ensures data authenticity with digital certificates
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A security system that binds a user's or device's identity to a cryptographic key that secures data transfer with encryption and ensures data authenticity with digital certificates
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
31
MATCHING
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
The first CA installed in a network.
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
The first CA installed in a network.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
32
One of the following is not an example of a well known company that has universally trusted public CAs:
A)VeriSign
B)Comodo
C)GlobalSign
D)Secure4u
A)VeriSign
B)Comodo
C)GlobalSign
D)Secure4u
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
33
By setting up autoenrollment for EFS certificates,a user's EFS certificate is created...
A)When the user encrypts a file
B)After the user restarts his or her computer
C)The first time he or she logs on to the domain after autoenrollment is configured
D)After requesting the certificate within the Certificate snap-in
A)When the user encrypts a file
B)After the user restarts his or her computer
C)The first time he or she logs on to the domain after autoenrollment is configured
D)After requesting the certificate within the Certificate snap-in
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
34
MATCHING
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A service that allows network devices,such as routers and switches,to obtain certificates by using Simple Certificate Enrollment Protocol
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A service that allows network devices,such as routers and switches,to obtain certificates by using Simple Certificate Enrollment Protocol
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
35
A _________________________ is an entity that issues and manages digital certificates and associated public keys and is an integral part of PKI.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
36
____________________ is an international standard that defines many aspects of a PKI,including certificate formats.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
37
MATCHING
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A method of backing up private keys and restoring them if users' private keys are lost
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A method of backing up private keys and restoring them if users' private keys are lost
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
38
MATCHING
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A document describing how a CA issues certificates containing the CA identity,security practices used to maintain CA integrity,types of certificates issued,renewal policy,and so forth.
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A document describing how a CA issues certificates containing the CA identity,security practices used to maintain CA integrity,types of certificates issued,renewal policy,and so forth.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
39
MATCHING
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A CA in a multilevel CA hierarchy that issue certificates to issuing CAs,which respond to user and device certificate requests.
a.issuing CAs
f.public key infrastructure
b.root CA
g.key archival
c.intermediate CAs
h.Network Device Enrollment Service (NDES)
d.hash algorithm
i.Certificate Practice Statement (CPS)
e.registration authority
A CA in a multilevel CA hierarchy that issue certificates to issuing CAs,which respond to user and device certificate requests.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
40
An enterprise CA is...
A)Any Windows server with Active Directory Certificate Services role installed
B)A Windows Server 2003 Enterprise or Datacenter Edition server with Active Directory Certificate Services role installed
C)A Windows Server 2008 server with the Active Directory Certificate Services role installed
D)A Windows Server 2008 server with the Active Directory Enterprise Certificate Services role installed
A)Any Windows server with Active Directory Certificate Services role installed
B)A Windows Server 2003 Enterprise or Datacenter Edition server with Active Directory Certificate Services role installed
C)A Windows Server 2008 server with the Active Directory Certificate Services role installed
D)A Windows Server 2008 server with the Active Directory Enterprise Certificate Services role installed
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
41
This command-line program can be used to back up a CA.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
42
This is a server that supports Online Certificate Status Protocol (OCSP).
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
43
This type of CA isn't connected to the network,which makes it less vulnerable to attacks.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
44
What type of CA can publish the certificate revocation list to Active Directory automatically?
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
45
This is the name for the first CA installed in a network.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
46
In encryption,this is a numeric value used by a cryptographic algorithm to change plaintext into ciphertext and ciphertext back to plaintext.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
47
When configuring certificate templates,Windows Server 2003 Standard edition and Windows 2000 Server support only this version of templates
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
48
What type of CA requires that the CA's certificate be distributed to clients manually?
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
49
Enter the term that best matches the description below:
A numeric string created by a cryptographic algorithm,called a hash,that's used to validate a message or document's authenticity.
A numeric string created by a cryptographic algorithm,called a hash,that's used to validate a message or document's authenticity.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
50
This is an encryption / decryption process,used in a PKI system,that uses both a public key and a private key.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
فتح الحزمة
k this deck
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.
