PrepAway - Latest Free Exam Questions & Answers

You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root C

PrepAway - Latest Free Exam Questions & Answers

You have two servers named Server1 and Server2. Both servers run Windows Server 2008
R2. Server1 is configured as an Enterprise Root certification authority (CA).
You install the Online Responder role service on Server2.
You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise
root CA.
Which two tasks should you perform? (Each correct answer presents part of the solution.
Choose two.)

A.
Import the enterprise root CA certificate.

B.
Import the OCSP Response Signing certificate.

C.
Add the Server1 computer account to the CertPublishers group.

D.
Set the Startup Type of the Certificate Propagation service to Automatic.

Explanation:
http://technet.microsoft.com/en-us/library/cc770413%28v=ws.10%29.aspx
Online Responder Installation, Configuration, and Troubleshooting Guide
Public key infrastructure (PKI) consists of multiple components, including certificates,
certificate revocation lists (CRLs) and certification authorities (CAs). In most cases,
applications that depend on X.509 certificates, such as Secure/Multipurpose Internet Mail
Extensions (S/MIME), Secure Sockets Layer (SSL) and smart cards, are required to validate
the status of the certificates used when performing authentication, signing, or encryption
operations. The certificate status and revocation checking is the process by which the
validity of certificates is verified based on two main categories: time and revocation status.
..
Although validating the revocation status of certificates can be performed in multiple ways,
the common mechanisms are CRLs, delta CRLs, and Online Certificate Status Protocol
(OCSP) responses.

http://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx
Active Directory Certificate Services Step-by-Step Guide
http://blogs.technet.com/b/askds/archive/2009/09/01/designing-and-implementing-a-pki-parti-design-andplanning.aspx
Designing and Implementing a PKI: Part I Design and Planning
http://technet.microsoft.com/en-us/library/cc725937.aspx
Set Up an Online Responder
http://technet.microsoft.com/en-us/library/cc731099.aspx
Creating a Revocation Configuration


Leave a Reply