pharaoh fortune slot
ExamNotes.net
Welcome, Guest. Please login or register.
November 19, 2017, 11:57:37 PM

Login with username, password and session length
* Home Help Search Login Register
+  ExamNotes.net
|-+  Microsoft (MCSE, MCSD, MOUS, MCAD)
| |-+  MCSE elective exams
| | |-+  70-220
| | | |-+  CAs
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Print
Author Topic: CAs  (Read 723 times)
trebor
Senior Member
Sr. Member
****
Offline Offline

Posts: 412

1


View Profile WWW
CAs
« on: September 09, 2001, 01:53:27 PM »

Wow. I just got my nose out of a book and am looking around for some practice tests and all I find are answers. I don't want to be judgemental but I don't even know what the questions are.

One answer I came across raised an interesting question that I am wondering about and it is that it is recommended that an enterprise root CA (which requires AD)should be taken offline. on the other hand it says in the MS knoweldge base:

"An enterprise root requires access to the Active Directory, which is unavailable if the server is disconnected from the network. You should not install an enterprise root on an offline domain controller."

What is the answer to this paradox?

trebor
Logged
JohnnyBeGood
Senior Member
Full Member
***
Offline Offline

Posts: 241

0


View Profile
CAs
« Reply #1 on: September 10, 2001, 06:14:14 PM »

Taking an enterprise root CA offline is a good idea because once your Issuing and subordinate CA's are up and running and have received certificates from the Enterprise root, there is no need to compromise the security of the root.  If someone(something) does compromise it or it goes down, then the subs and issuing CA's become compromised too.
Logged

_____________
JohnnyB
trebor
Senior Member
Sr. Member
****
Offline Offline

Posts: 412

1


View Profile WWW
CAs
« Reply #2 on: September 15, 2001, 04:38:15 AM »

So lets see AD must be resent when the server is made into a CA. Then you pull out the network cable so that the enterprise root cannot be comprimised.

Is the enterprise root CA still an object in AD when it isn't even part of the network?

Trebor
Logged
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.13 | SMF © 2006-2011, Simple Machines LLC Valid XHTML 1.0! Valid CSS!