PrepAway - Latest Free Exam Questions & Answers

Your company uses an Enterprise Root certification authority (CA)and an Enterprise Intermediate C

PrepAway - Latest Free Exam Questions & Answers

Your company has an Active Directory domain.
All serversrun Windows Server 2008 R2.
Your company uses an Enterprise Root certification authority (CA)and an Enterprise Intermediate CA.
The Enterprise Intermediate CA certificate expires.
Youneed to deploy a new Enterprise Intermediate CA certificate to all computers in the domain.
What should you do?

A.
Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.

B.
Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.

C.
Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group
policy object.

D.
Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.

Explanation:
http://technet.microsoft.com/en-us/library/cc962065.aspx
Certification Authority Trust Model
Certification Authority Hierarchies
The Windows 2000 public key infrastructure supportsa hierarchical CA trust model, called the certification
hierarchy, to provide scalability, ease of administration, and compatibility with a growing number of commercial
third-party CA services and public key-aware products. In its simplest form, a certification hierarchyconsists of
a single CA. However, the hierarchy usually contains multiple CAs that have clearly defined parent-child
relationships. Figure 16.5 shows some possible CA hierarchies.

Figure 16.5 Certification Hierarchies
You can deploy multiple CA hierarchies to meet yourneeds. The CA at the top of the hierarchy is called a root
CA . Root CAs are self-certified by using a self-signed CA certificate. Root CAs are the most trusted CAs in the
organization and it is recommended that they have the highest security of all. There is no requirementthat all
CAs in an enterprise share a common top-level CA parent or root. Although trust for CAs depends on each
domain’s CA trust policy, each CA in the hierarchy can be in a different domain.
Child CAs are called subordinate CAs. Subordinate CAs are certified by the parent CAs.A parent CA certifies
the subordinate CA by issuing and signing the subordinate CA certificate. A subordinate CA can be either an
intermediate or an issuing CA . An intermediate CA issues certificates only to subordinate CAs. An
issuing CA issues certificates to users, computers,or services.
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/605dbf9d-2694-4783-8002-c08b9c7d4149
Forum FAQ: How to import certificate into Intermediate Certification Authorities store?


Leave a Reply