You need to ensure that CA2 can issue certificates for the CA hierarchy

HOTSPOT
You plan to deploy a certification authority (CA) infrastructure that contains the following servers:
 An offline standalone root CA named CA1
 An enterprise subordinate CA named CA2
On all of the computers, you import the root CA certificate from CA1 to the Trusted Root Certification
Authorities Certificates store.
You need to ensure that CA2 can issue certificates for the CA hierarchy.
What should you do? To answer, select the appropriate options in the answer area.

HOTSPOT
You plan to deploy a certification authority (CA) infrastructure that contains the following servers:
 An offline standalone root CA named CA1
 An enterprise subordinate CA named CA2
On all of the computers, you import the root CA certificate from CA1 to the Trusted Root Certification
Authorities Certificates store.
You need to ensure that CA2 can issue certificates for the CA hierarchy.
What should you do? To answer, select the appropriate options in the answer area.

Answer:



Leave a Reply 3

Your email address will not be published. Required fields are marked *


Vintro

Vintro

Options for Drop Down are
A. CA1.
B. CA2.

Answers
1. > A. : Set the CRL and AIA to CA2 (?)
2. > B. : So CA2 can issue Certificates.
3. > A. : Create a certificate to install on another CA that clients will trust.
4. > B. : So clients will trust CA2 as a CA.

dny99gha

dny99gha

The first one is A – here is why:

If you think about it, it makes good sense, since CA1 is offline, nobody would be able to download the CRL or the root cert (AIA = root cert), so before the cert for CA2 is issued, it is important that the settings for those are changed to CA2, so clients will go there to get the CRL and root cert for CA1 🙂