You are a security administrator at your company. The network consists of a single Active Directory domain. The network contains Windows 2000 Professional client computers and Windows Server 2003 computers.
Three Windows Server 2003 computers are named CA1, CA2, and CA3. You want to implement a public key infrastructure (PKI) to support the security requirements in your company. All certification authorities (CAs) must belong to the same CA hierarchy. You plan to install Certificate Services on CA1 first. CA1 will not be connected to the network and will be stored in a locked cabinet in the company data center. You plan to use CA2 to issue certificates for IPSec and Encrypting File System (EFS). You will configure CA2 to automatically issue these certificates. You plan to use CA3 to issue certificates that enable business partners to authenticate to your IIS Web site. CA3 will not be a member of the Active Directory domain.
You need to configure Certificate Services on each server to fulfill the server’s designated role. What should you do?
To answer, drag the appropriate Certificate Services configuration roles to the correct server locations in the work area.
Drag and drop question. Drag the items to the proper locations.
Answer:
