Configure Active Directory Certificate Services

These questions are based on 70-640 – TS: Windows Server 2008 Active Directory, Configuring
Self Test Software Practice Test


Objective: Configure Active Directory certificate services.
Sub-objective: Manage certificate revocations.


Multiple answer, multiple-choice


You are the systems administrator for your company. The company’s network consists of a single Active Directory domain. You install Active Directory Certificate Services (AD CS) on a computer running Windows Server 2008. The AD CS server is configured as an enterprise certification authority (CA).


You want another computer to be an Online Responder to provide certification revocation data to clients. You install the IIS and the Online Responder service on a Windows Server 2008 server. You test the Online Responder, but the Online Responder fails. What must you do to ensure the Online Responder works correctly? (Choose two.)



  1. Add the Windows Server 2008 server to the Certificate Publishers group.
  2. Install Microsoft Simple Certificate Enrollment Protocol (MSCEP) on the server.
  3. Configure an Online Certificate Status Protocol (OCSP) Response Signing certificate template on the CA.
  4. Include the Uniform Resource Locator (URL) for the Online Responder in the Authority Information Access (AIA) extension of certificates issued by the CA.
  5. Lower the Publish Delta CRL and the Publish CRL Interval settings on the CA so expired certificates are published in Active Directory.

Answer:
C. Configure an Online Certificate Status Protocol (OCSP) Response Signing certificate template on the CA.


D. Include the Uniform Resource Locator (URL) for the Online Responder…


cmadmin

ABOUT THE AUTHOR

Posted in Uncategorized|

Comment:

Powered by WebDesk