PrepAway - Latest Free Exam Questions & Answers

You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the

Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root
certification authority (CA) for contoso.com.
You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the
Web Server (IIS) server role installed.
You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point
for the C

PrepAway - Latest Free Exam Questions & Answers

A.
The solution must ensure that CRLs are published automatically to Server2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
Create an http:// CRL distribution point (CDP) entry.

A.
The solution must ensure that CRLs are published automatically to Server2.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)
Create an http:// CRL distribution point (CDP) entry.

B.
Configure a CA exit module.

C.
Create a file:// CRL distribution point (CDP) entry.

D.
Configure a CA policy module.

E.
Configure an enrollment agent.

Explanation:
A)
To specify CRL distribution points in issued certificates
Open the Certification Authority snap-in.
In the console tree, click the name of the CA.
On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select
extension is set to CRL Distribution Point (CDP) .
Do one or more of the following. (The list of CRL distribution points is in the Specify locations from
which users can obtain a certificate revocation list (CRL) box.)
/ To indicate that you want to use a URL as a CRL distribution point
Click the CRL distribution point, select the Include in the CDP extension of issued certificates check
box, and then click OK .
Click Yes to stop and restart Active Directory Certificate Services (AD CS).
D)

You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf
will take precedence for certificate verifiers over the CDP’s specified in the CA policy module.
Note:

CRLDistributionPoint
You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This
section does not configure the CDP for the CA itself. After the CA has been installed you can
configure the CDP URLs that the CA will include in each certificate that it issues. The URLs specified
in this section of the CAPolicy.inf file are included in the root CA certificate itself.
Example:
[CRLDistributionPoint]
URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl

7 Comments on “You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the

    1. Lafegob says:

      Your network contains an Active Directory domain named contoso.com.
      The domain contains a server named Server1 that runs Windows Server 2012 R2.
      Server1 has an enterprise root certification authority (CA) for contoso.com.
      You deploy another member server named Server2 that runs Windows Server 2012 R2 and has
      the Web Server (IIS) server role installed.
      You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point
      for the CA. The solution must ensure that CRLs are published automatically to Server2.
      Which two actions should you perform? (Each correct answer presents part of the solution. Choose
      two.)

      A.
      Create an http:// CRL distribution point (CDP) entry.

      B.
      Configure a CA exit module.

      C.
      Create a file:// CRL distribution point (CDP) entry

      D.
      Configure an enrollment agent.

      E.
      Configure a CA policy module.




      0



      0
  3. Jon says:

    208. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) for contoso.com. You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed. You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the CA. The solution must ensure that CRLs are published automatically to Server2. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

    A.
    Create an http:// CRL distribution point (CDP) entry.
    E.
    Configure a CA policy module.




    0



    0
  5. Franc says:

    when a CDP must be published on a WebSite, you need to do 2 things.

    1) you create a file CDP and publish it;
    2) you create a http CDP and point it to the file CDP. (do not publish)

    Why?!

    Because you cannot write to a http location!! You write (publish) to the file CDP and this is reachable thru the http location.




    0



    0

Leave a Reply