HOTSPOT
You have a server named Server1 that has the Network Policy and Access Services server
role installed.
You plan to configure Network Policy Server (NPS) on Server1 to use certificate-based
authentication for VPN connections.
You obtain a certificate for NPS.
You need to ensure that NPS can perform certificate-based authentication.
To which store should you import the certificate?
To answer, select the appropriate store in the answer area.

Answer:

Explanation:

When organizations deploy their own public key infrastructure (PKI) and install a private
trusted root CA, their CA automatically sends its certificate to all domain member computers
in the organization. The domain member client and server computers store the CA certificate
in the Trusted Root Certification Authorities certificate store. After this occurs, the domain
member computers trust certificates that are issued by the organization trusted root CA.
For example, if you install AD CS, the CA sends its certificate to the domain member
computers in your organization and they store the CA certificate in the Trusted Root
Certification Authorities certificate store on the local computer. If you also configure and
autoenroll a server certificate for your NPS servers and then deploy PEAP-MS-CHAP v2 for
wireless connections, all domain member wireless client computers can successfully
authenticate your NPS servers using the NPS server certificate because they trust the CA
that issued the NPS server certificate.
On computers that are running the Windows operating system, certificates that are installed
on the computer are kept in a storage area called the certificate store. The certificate store is
accessible using the Certificates Microsoft Management Console (MMC) snap-in.
This store contains multiple folders, where certificates of different types are stored. For
example, the certificate store contains a Trusted Root Certification Authorities folder where
the certificates from all trusted root CAs are kept.
When your organization deploys a PKI and installs a private trusted root CA using AD CS,
the CA automatically sends its certificate to all domain member computers in the
organization. The domain member client and server computers store the CA certificate in the
Trusted Root Certification Authorities folder in the Current User and the Local Computer

certificate stores. After this occurs, the domain member computers trust certificates that are
issued by the trusted root CA.
Similarly, when you autoenroll computer certificates to domain member client computers, the
certificate is kept in the Personal certificate store for the Local Computer. When you
autoenroll certificates to users, the user certificate is kept in the Personal certificate store for
the Current User.
http: //technet. microsoft. com/en-us/library/cc730811 . aspx
http: //technet. microsoft. com/en-us/library/cc730811 . aspx
http: //technet. microsoft. com/en-us/library/cc772401%28v=ws. 10%29. aspx
http: //technet. microsoft. com/en-us/library/ee407543%28v=ws. 10%29. aspx