EXERCISE 12.01.E XERCISE 12.03R EQUESTING A C ERTIFICATE FROM A W EB S...

6. - MCSE EXAM 70 293 PLANNING AND MAINTAINING A WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE PHẦN 9 PPT
MCSE EXAM 70 293 PLANNING AND MAINTAINING A WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE PHẦN 9 PPT
6. As a member of the PKI design team in your company, you are charged with inte-grating one of your subsidiaries that already has a PKI with your office’s PKI.Thecurrent proposal on the table has a second-tier CA located in your local PKI issuingcertificates to a second-tier CA located on the subsidiary’s PKI, and vice-versa. Bothinfrastructures are Windows Server 2003 based.Your company’s security goals, how-ever, mandate that only certain certificates be used on your PKI if they are issuedfrom the subsidiary’s CA, but all your CA’s certificates need to be trusted by the sub-sidiary.What is your assessment?A. Both your office and the subsidiary will need to create a CTL that has a limitedtrust chain length on your side.B. The subsidiary’s CA needs to be reconfigured as your CA’s subordinate.C. A cross-trust needs to be created, and the type of acceptable certificates for yourCA narrowed by using qualified subordination policies.D. This arrangement is not possible under Windows Server 2003.The companyneeds to implement a third-party PKI.