Configuring Server Roles

These questions are based on 70-649 – TS.


Objective: Configuring Server Roles
Sub-Objective: Configure Active Directory Certificate Services


Multiple Answer, Multiple Choice


You are the systems administrator for your company. The company’s network consists of a single Active Directory domain running Windows Server 2008 servers. Your company wants to provide smart cards to all users to log on to the domain. To achieve this, you are required to install an enterprise root certification authority (CA) in your domain.


Which two actions should you perform to install an enterprise root CA? (Each correct answer presents a part of the solution. Choose two.)



  1. Install Windows Server 2008 Enterprise edition on a server in the network.
  2. Add the new CA to the domain.
  3. Install Windows Server 2008 Standard edition on a server in the network.
  4. Install Active Directory Lightweight Directory Services (AD LDS) on a server in the network.
  5. Leave the CA in a workgroup.

Answer:



  1. Install Windows Server 2008 Enterprise edition on a server in the network.
  2. Add the new CA to the domain.

Tutorial:
You should install Windows Server 2008 Enterprise edition on a server in the network and add the server to the domain. Active Directory Certificate Services (AD CS) provides services for creating and managing public key certificates that are used in software security systems that employ public key technologies. You can use the Add Roles Wizard to install the AD CS role on a Windows Server 2008 computer. A CA can be an enterprise CA or a stand-alone CA. Installing an enterprise CA is appropriate if the CA is a member of a domain and can use access Directory Services to issue and manage certificates. You should install a stand-alone CA if the CA does not use Directory Services data to issue or manage certificates. When installing a CA, you can also specify whether the CA is a root CA or a subordinate CA. You should install a root CA if you are installing the first or only CA in a public key infrastructure. You should install a subordinate CA if your CA will obtain its CA certificate from another CA higher in a public key infrastructure. An enterprise CA requires access to AD DS. Enterprise CAs can only be installed on servers running Windows Server 2008 Enterprise or Windows Server 2008 Datacenter editions. A stand-alone CA does not require the use of AD DS, but it can be configured to use AD DS. An enterprise root CA must be a member of the domain, while allowing a stand-alone CA to access AD is optional.


You should not Install Windows Server 2008 Standard edition on a server because Enterprise CAs can only be installed on servers running Windows Server 2008 Enterprise or Windows Server 2008 Datacenter editions.


You should not install AD LDS on the server because an enterprise CA requires AD DS.


You should not leave the CA in a workgroup because an enterprise root CA must be a member of the domain in order to store its information in AD.


Reference:
Windows Server 2008 Technical Library > Active Directory Certificate Services > Evaluation > Windows Server Active Directory Certificate Services Step-by-Step Guide


Windows Server 2003 Technical Library > Windows Server 2003: Product Help > Windows Server 2003 Product Help > Security > Public Key Infrastructure > Certificate Services > Certificate Services Concepts > Understanding Certificate Services > Windows Server TechCenter > Certification Authorities > Types of certification authorities


Windows Server 2003 Technical Library > Windows Server 2003: Product Help > Windows Server 2003 Product Help > Security > Public Key Infrastructure > Certificate Services > Certificate Services Concepts > Understanding Certificate Services > Windows Server TechCenter > Certification Authorities > Stand-alone certification authorities


Windows Server 2003 Technical Library > Windows Server 2003: Product Help > Windows Server 2003 Product Help > Security > Public Key Infrastructure > Certificate Services > Certificate Services Concepts > Understanding Certificate Services > Windows Server TechCenter > Certification Authorities > Enterprise certification authorities

Like what you see? Share it.Google+LinkedInFacebookRedditTwitterEmail
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: