71.
Which of the following is required for ISE to trust a client certificate?
  • A. The client’s private key must be imported into ISE’s Certificate Store.
  • B. The signing CA’s public key must be imported to ISE’s Certificate Store.
  • C. The signing CA’s private key must be imported into ISE’s Certificate Store.
  • D. The signing CA must be part of the Internet’s master PKI hierarchy.
Answer : [B]
Explanation :
A copy of the signing CA’s public key must be stored at Administration > System > Certificates > Certificate Store, and it needs to have the Trust for Client Authentication option selected.
72.
What determines a digital certificate’s validity period?
  • A. Any time leading up to the date listed in the Certificate Expiration field of the X.509 certificate.
  • B. A certificate is always valid until it is added to the Certificate Revocation List (CRL).
  • C. Any time leading up to the date listed in the Revocation Date field of the X.509 certificate.
  • D. The time span between the dates listed in the Valid-From and Valid-To fields of the X.509 certificate.
Answer : [D]
Explanation :
It’s vital to understand that the Valid-From field is just as important as the Valid-To field. A certificate will be rejected if it is issued for a date and time after the current date and time. This is why NTP is so critical for PKI.
73.
True or False? Certificate Revocation List (CRL) is the only revocation status mechanism supported by ISE.
  • A. True
  • B. False
Answer : [B]
Explanation :
ISE supports checking both CRL and Online Certificate Status Protocol (OCSP). OCSP is the preferred method for scalability and security reasons.
74.
True or False? ISE will ignore the CRL distribution point listed in the X.509 client certificate.
  • A. True
  • B. False
Answer : [A]
Explanation :
ISE will only leverage the CRL distribution point configured within the trusted certificate store for that signing CA and ignore the field that is in the client’s certificate.
75.
How does ISE validate proof of possession for a client’s certificate?
  • A. ISE encrypts data with a combination of ISE’s private key and the client’s public key.
  • B. ISE encrypts data with a combination of ISE’s public key and the client’s private key.
  • C. ISE sends a message to the end user, requesting a screen shot of the private key.
  • D. ISE encrypts data with a combination of ISE’s private key and the client’s private key.
Answer : [A]
Explanation :
ISE sends some “throw-away data” to the client that is encrypted with the combination of ISE’s private key and the client’s public key (the certificate sent for authentication). Then the endpoint must decrypt the data with the combination of its private key and the server’s public key, proving the client has the full key pair and not just a copy of a public key.