Which changes should you recommend?

Your company has four offices that are connected by using high speed wide area network (WAN)
links. Each office has a router that supports the Simple Certificate Enrollment Protocol (SCEP). The
network consists of one Active Directory domain. All domain controllers run Windows Server 2008.
You have a Certificate Services infrastructure. The Certificate Services servers run Windows Server
2003 Standard Edition. You plan to enable device authentication for all routers. You need to
recommend changes to the Certificate Services infrastructure to support device authentication.
Which changes should you recommend?

Your company has four offices that are connected by using high speed wide area network (WAN)
links. Each office has a router that supports the Simple Certificate Enrollment Protocol (SCEP). The
network consists of one Active Directory domain. All domain controllers run Windows Server 2008.
You have a Certificate Services infrastructure. The Certificate Services servers run Windows Server
2003 Standard Edition. You plan to enable device authentication for all routers. You need to
recommend changes to the Certificate Services infrastructure to support device authentication.
Which changes should you recommend?

A.
Install a new server that runs Windows Server 2008 Enterprise Edition. Enable the Active Directory
Certificate Services (AD CS) role.

B.
Install a new server that runs Windows Server 2008 Standard Edition. Install the Network
Protection and Access Services (NPAS) role.

C.
Upgrade the existing Certificate Services servers to Windows Server 2008 Standard Edition. Enable
the Web enrollment component.

D.
Upgrade the existing Certificate Services servers to Windows Server 2008 Enterprise Edition.
Enable the Network Device Enrollment service.

Explanation:
To enable device authentication for all routers and recommend changes to the Certificate Services
infrastructure to support device authentication, you need to upgrade the existing Certificate Services
servers to Windows Server 2008 Enterprise Edition and then enable the Network Device Enrollment
service. The Network Device Enrollment Service (NDES) is the Microsoft implementation of the
Simple Certificate Enrollment Protocol (SCEP), a communication protocol that makes it possible for
software running on network devices such as routers and switches, which cannot otherwise be
authenticated on the network, to enroll for X.509 certificates from a certification authority (CA).
AD CS: Network Device Enrollment Service

http://technet2.microsoft.com/windowsserver2008/en/library/569cd0df-3aa4-4dd7-88b8-
227e9e3c012b1033.mspx?mfr=true



Leave a Reply 0

Your email address will not be published. Required fields are marked *