Which three actions should you perform? (Each correct answer presents part of the solution

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.

Your company hosts an extranet Web site that allows employees from a partner company to access confidential information over the lnternet. You want to require the partner company employees to use certificate-based authentication to access the extranet Web site. You have a public key infrastructure (PKI), which consists of a stand-alone root certification authority (CA) and an enterprise subordinate CA. The partner company does not have a PKI. You decide to issue certificates from your CA hierarchy to the partner company employees. The partner company certificates will require a different certificate policy than the policy currently used for issuing certificates to internal employees. Certificate revocation checking will be used during certificate-based authentication. You need to implement the necessary PKI changes to comply with these requirements.

You want to achieve this goal by using the minimum amount of administrative effort. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

You are a security administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional.

Your company hosts an extranet Web site that allows employees from a partner company to access confidential information over the lnternet. You want to require the partner company employees to use certificate-based authentication to access the extranet Web site. You have a public key infrastructure (PKI), which consists of a stand-alone root certification authority (CA) and an enterprise subordinate CA. The partner company does not have a PKI. You decide to issue certificates from your CA hierarchy to the partner company employees. The partner company certificates will require a different certificate policy than the policy currently used for issuing certificates to internal employees. Certificate revocation checking will be used during certificate-based authentication. You need to implement the necessary PKI changes to comply with these requirements.

You want to achieve this goal by using the minimum amount of administrative effort. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.
Use a new subordinate CA in your CA hierarchy to issue certificates to partner company employees and to the extranet Web server.

B.
Use the existing subordinate CA in your CA hierarchy to issue certificates to partner company employees and to the extranet Web server.

C.
Add the certificate of the root CA to the Trusted Root Certification Authorities store on the partner company’s computers.

D.
Add the certificate of the subordinate CA to the lntermediate Certification Authorities store on the partner company’s computers.

E.
Create new HTTP Authority lnformation Access (AIA) paths and certificate revocation list (CRL) distribution points that specify locations on the extranet Web site.

F.
Create new LDAP Authority lnformation Access (AIA) paths and certificate revocation list (CRL) distribution points that specify locations in Active Directory.



Leave a Reply 0

Your email address will not be published. Required fields are marked *