Authentication, Authorization, and PKI
These questions are derived from the Self Test Software Practice Test for Microsoft exam #70-299 – Implementing and Administering Security in a Microsoft Windows Server 2003 Network
Objective: Planning, Configuring, and Troubleshooting Authentication, Authorization, and PKI
SubObjective: Install, manage, and configure Certificate Services
Single Answer, Multiple Choice
You are a security administrator for a company named 4Soft. The company’s network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. A public key infrastructure (PKI) has been deployed on the network.
Recently, you hired three assistant administrators. You granted them permissions on the certification authority (CA) server to add and remove certificate templates and to perform Key Archival and Recovery procedures. You want to monitor their attempts to add and remove certificate templates on the CA server by using the least administrative effort.
On which of the following groups should you enable auditing?
A. Change CA Security Settings
B. Change CA Configuration
C. Backup and Restore the CA Database
D. Store and Retrieve Archived Keys
Answer: B. Change CA Configuration
You can audit groups of operations related to CA management by enabling CA auditing. CA auditing is configured by specifying one or more CA audit groups in the Certification Authority MMC snap-in. To audit the operations associated with the permissions that you granted to the three assistant administrators, you should audit the Change CA Configuration group. The Change CA Configuration group supports the auditing of the following operations:
- adding and removing CA templates
- scheduling the CRL publication time
- configuring Key Archival and Recovery (KAR)
- configuring the CRL Distribution Points (CDP)
Auditing the Change CA Security Settings group would record events related to configuring CA roles, CA auditing, and configuring restrictions on Certificate Managers. Auditing the Backup and Restore the CA Database group would record events related to backing up and restoring the CA database. Auditing the Store and Retrieve Archived Keys group would record events related to archival and retrieval of subject keys.