Which of the following options would you choose to implement a secure method for Internet users to verify the validity…

You are an enterprise administrator for contoso.com. The corporate network of the company is configured with a perimeter network as shown in the exhibit.
Exhibit:
The company uses an enterprise certification authority (CA) and a Microsoft Online Responder on the internal network.
Which of the following options would you choose to implement a secure method for Internet users to verify the validity of individual certificates with the use of minimum network bandwidth? (Select two. Each correct answer will form a part of the answer.)

A. Install a stand-alone CA on a server on the perimeter network.

B. Deploy a subordinate CA on the perimeter network.

C. Install Network Device Enrollment Service (NDES) on a server on the perimeter network.

D. Install a Network Policy Server (NPS) on a server on the perimeter network.

E. Redirect authentication requests to a server on the internal network.

F. Install IIS on a server on the perimeter network.

G. Configure IIS to redirect requests to the Online Responder on the internal network.

Explanation:

To implement a secure method for Internet users to verify the validity of individual certificates with the use of minimum network bandwidth, you need to install IIS on a server on the perimeter network and configure IIS to redirect requests to the Online Responder on the internal network.

Windows Vista and the Windows Server® 2008 operating system natively support both certificate revocation lists (CRLs) and the Online Certificate Status Protocol (OCSP) as methods of determining certificate status. The OCSP support includes both the client component and the Online Responder, which is the server component.

The Online Responder Web proxy cache represents the service interface for the Online Responder. It is implemented as an Internet Server Application Programming Interface (ISAPI) extension hosted by Internet Information Services (IIS).

When an application performs a certificate evaluation, the validation is performed on all certificates in that certificate's chain. This includes every certificate from the end-entity certificate presented to the application to the root certificate. OCSP is an online process and is designed to respond to single certificate status requests, so the client does not have to download a full CRL to check one certificate.
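The single-certificate request described above, as an added example that is not part of the original page or of Microsoft's documentation: it DER-encodes an RFC 6960 OCSP request and the HTTP GET URL a client would send to the IIS server on the perimeter network. The issuer name, key bytes, serial number and the `http://ocsp.contoso.com/ocsp` URL are constructed assumptions.

```python
import base64
import hashlib
from urllib.parse import quote

SHA1_ALG_ID = bytes.fromhex("300906052b0e03021a0500")  # AlgorithmIdentifier: SHA-1, NULL params

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_integer(value: int) -> bytes:
    """Non-negative INTEGER; a leading 0x00 is kept when the top bit is set."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_ocsp_request(issuer_name_der: bytes, issuer_key: bytes, serial: int) -> bytes:
    """RFC 6960 OCSPRequest for one certificate: unsigned, no nonce or other extensions."""
    cert_id = der(0x30, SHA1_ALG_ID
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())  # issuerNameHash
                  + der(0x04, hashlib.sha1(issuer_key).digest())       # issuerKeyHash
                  + der_integer(serial))                               # serialNumber
    request = der(0x30, cert_id)        # Request
    request_list = der(0x30, request)   # SEQUENCE OF Request (one entry)
    tbs = der(0x30, request_list)       # TBSRequest (default version v1 omitted)
    return der(0x30, tbs)               # OCSPRequest

def ocsp_get_url(responder_url: str, request: bytes) -> str:
    """RFC 6960 Appendix A.1 GET form: URL-encoded base64 of the request as one path segment."""
    return responder_url.rstrip("/") + "/" + quote(base64.b64encode(request).decode(), safe="")

# Constructed sample inputs (not taken from a real CA).
SAMPLE_ISSUER_NAME = der(0x30, der(0x31, der(0x30,
    bytes.fromhex("0603550403") + der(0x0C, b"Contoso Issuing CA"))))  # CN=Contoso Issuing CA
SAMPLE_ISSUER_KEY = bytes(range(64))   # stand-in for the issuer's public key bit string contents
SAMPLE_SERIAL = 0x6100000000002A
RESPONDER_URL = "http://ocsp.contoso.com/ocsp"  # hypothetical URL served by the perimeter IIS

if __name__ == "__main__":
    req = build_ocsp_request(SAMPLE_ISSUER_NAME, SAMPLE_ISSUER_KEY, SAMPLE_SERIAL)
    print(len(req), "byte request")
    print(ocsp_get_url(RESPONDER_URL, req))
```

The constructed request is 74 bytes for one certificate, and because it is carried in the URL path, the front-end web server can forward it to the internal Online Responder as an ordinary HTTP GET.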

Reference: Online Responder Installation, Configuration, and Troubleshooting Guide http://technet.microsoft.com/en-us/library/cc770413.aspx


