Re: Which one is correct?
From: Brat (likeIwouldtellyou_at_inyourdreams.com)
Date: 05/13/04
- Previous message: SJ: "Re: Over My Head?"
- In reply to: mcsems: "Re: Which one is correct?"
- Next in thread: RG: "Re: Which one is correct?"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 13 May 2004 00:27:50 -0230
you want answers on braindumps? HA! I don't _think_ so... good luck
cheating
-- Sue MCNGP #69 Proud member since April 8, 2002 "mcsems" <mcsems.165yht@mail.mcse.ms> wrote in message news:mcsems.165yht@mail.mcse.ms... > > You are responsible for Public Key Infrastructure (PKI) management for > your network at TestKing Inc. The network consists of a Windows 2000 > Active Directory domain. The network contains a Microsoft Internet > Security and Acceleration (ISA) Server computer that accepts virtual > private network (VPN) connections. The network also contains a Windows > 2000 Server named TestKing1, which runs Internet Information Services > (IIS). TestKing1 is accessible from the Internet. > > The written security policy for TestKing requires L2TP/IPSec > connections. To distribute the required certificates for L2TP > connections, you deploy the > Certification Authority (CA) hierarchy shown in the exhibit. > > http://www.myimgs.com/data/fmh002/exhibit.gif > > RootCA and PolicyCA use stand-alone CA policies and are removed from > the network. IssuingCA issues the IPSec certificates. IPSec > certificates are successfully issued to all remote client computers and > the ISA Server. > > The Certificate Revocation Lists (CRL) for RootCA, PolicyCA, and > IssuingCA are published to Active Directory. The CRL Distribution Point > (CDP) extensions are modified to reference the Active Directory > location of all three CAs. > > When remote client computers attempts to connect to the ISA Server, > their connection attempts fail. At all remote client computers, this > error message appears: "The client was unable to verify the identity of > the server." > > You must ensure that the remote client computers can connect to the ISA > Server with an L2TP/IPSec VPN connection. > > What should you do? > > A. Modify the CDP extension on IssuingCA to include an HTTP URL that > references TestKing1. > Manually publish the CRL to the referenced CDP URLs at TestKing1. > Renew the IssuingCA certificate. > > B. Modify the CDP extension on RootCA, PolicyCA, and IssuingCA to > include an HTTP URL that references TestKing1. > Manually publish the CRLs to the references CDP URLs at TestKing1. > Renew the RootCA, PolicyCA, and IssuingCA certificates. > > C. Modify the CDP extension on IssuingCA to include an HTTP URL that > references TestKing1. > Manually publish the CRL to the referenced CDP URLs at TestKing1. > Revoke all currently issued certificates. > Reissue the IPSec certificates to the ISA Server and the remote client > computers. > > D. Modify the CDP extensions on RootCA, PolicyCA, and IssuingCA to > include an HTTP URL that references TestKing1. > Manually publish the CRLs to the referenced CDP URLs at TestKing1. > Revoke all currently issued certificates. > Reissue the IPSec certificates to the ISA Server and the remote client > computers. > > > > -- > mcsems > ------------------------------------------------------------------------ > Posted via http://www.mcse.ms > ------------------------------------------------------------------------ > View this thread: http://www.mcse.ms/message665101.html >
- Previous message: SJ: "Re: Over My Head?"
- In reply to: mcsems: "Re: Which one is correct?"
- Next in thread: RG: "Re: Which one is correct?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
