Which two actions should you perform?

Your network contains an Active Directory domain named contoso.com. The domain contains a
certification authority (CA).
You suspect that a certificate issued to a Web server is compromised.
You need to minimize the likelihood that users will trust the compromised certificate.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)

Your network contains an Active Directory domain named contoso.com. The domain contains a
certification authority (CA).
You suspect that a certificate issued to a Web server is compromised.
You need to minimize the likelihood that users will trust the compromised certificate.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose
two.)

A.
Stop the Certificate Propagation service.

B.
Modify the validity period of the Web Server certificate template.

C.
Run certutil and specify the -revoke parameter.

D.
Run certutil and specify the -deny parameter.

E.
Publish the certificate revocation list (CRL).

Explanation:

First revoke the certificate, then publish the CRL.

Show Hint

Leave a Reply 1

Your email address will not be published. Required fields are marked *

kurt

kurt

Joe says:
July 17, 2015 at 2:05 pm
C and E are correct.

First revoke the Certificate and then publish the CRL. Although this will not stop the server from trusting the certificate straight away it will increase the likelihood (eventually it will stop trusting it)

Reply