Passed 70-214

Discussion in 'MCSE' started by Ben, Dec 15, 2004.

  1. Ben

    Ben Guest

    Passed 70-214 yesterday, with a score of 878, not to bad, my weakness was
    PKI & certificate issuing, which I though I was ok on. Will be reviewing
    that topic before I take 70-218 after Christmas!

    Ben

    IT Professional, MCP 70-210, 70-214, 70-215
    "On my way to becoming fully certifiable!"

    P.S. Merry Christmas Everyone!
    Ben, Dec 15, 2004
    #1
    1. Advertising

  2. Congrats. There is not a lot of info on W2K PKI. There is tons of it for
    W2003 and MOST will apply if you remember that type two certificate
    templates only apply to Windows 2003 Enterprise Server CA. Otherwise the
    links below may help.

    http://www.microsoft.com/windows2000/techinfo/planning/security/advcertsteps.asp
    http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp

    Other key points.

    -- Only enterprise CA can issue smart card certificates.
    -- Enterprise CA can only be installed on domain computers.
    -- User can request certificate through mmc only if the are a domain me in
    a domain with an enterprise CA.
    -- Stand alone CA's only allow users to enroll through Web Enrollment.
    -- User needs read and enroll permissions to certificate template to get a
    certificate.
    -- L2tp requires machine certificate on VPN client and VPN server.
    -- Certificate templates are managed through AD Sites and Services but you
    need to select view for services.
    -- The issuing CA's certificate needs to be in a computer's local
    certificate store for "trusted root certificates"
    before it will trust certificates presented to it from that CA.

    Steve


    "Ben" <> wrote in message
    news:%...
    > Passed 70-214 yesterday, with a score of 878, not to bad, my weakness was
    > PKI & certificate issuing, which I though I was ok on. Will be reviewing
    > that topic before I take 70-218 after Christmas!
    >
    > Ben
    >
    > IT Professional, MCP 70-210, 70-214, 70-215
    > "On my way to becoming fully certifiable!"
    >
    > P.S. Merry Christmas Everyone!
    >
    >
    Steven L Umbach, Dec 15, 2004
    #2
    1. Advertising

  3. Ben

    Ben Guest

    Hi Steve,

    Thanks for the info, it's given me some good bedtime reading! I hear there
    is a 3 day course on PKI, which I might try and get my company to send me
    on. I also have a few books, but it's trying to find the time to read them.

    I believe some of the questions I got wrong were based around who should
    have a certificate when trying to secure communications i.e. how do you
    secure the accounts web server - install a certificate on the web server,
    install a certificate on the accountants PC, or issue a certificate to the
    accountant user

    Can't remember which I said now, think I changed my answer when I went back
    and reviewed the questions.

    Anyway, many thanks for your help!

    Ben

    "Steven L Umbach" <> wrote in message
    news:ZH_vd.237050$HA.182413@attbi_s01...
    > Congrats. There is not a lot of info on W2K PKI. There is tons of it for
    > W2003 and MOST will apply if you remember that type two certificate
    > templates only apply to Windows 2003 Enterprise Server CA. Otherwise the
    > links below may help.
    >
    >

    http://www.microsoft.com/windows2000/techinfo/planning/security/advcertsteps.asp
    >

    http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp
    >
    > Other key points.
    >
    > -- Only enterprise CA can issue smart card certificates.
    > -- Enterprise CA can only be installed on domain computers.
    > -- User can request certificate through mmc only if the are a domain me

    in
    > a domain with an enterprise CA.
    > -- Stand alone CA's only allow users to enroll through Web Enrollment.
    > -- User needs read and enroll permissions to certificate template to get

    a
    > certificate.
    > -- L2tp requires machine certificate on VPN client and VPN server.
    > -- Certificate templates are managed through AD Sites and Services but

    you
    > need to select view for services.
    > -- The issuing CA's certificate needs to be in a computer's local
    > certificate store for "trusted root certificates"
    > before it will trust certificates presented to it from that CA.
    >
    > Steve
    >
    >
    > "Ben" <> wrote in message
    > news:%...
    > > Passed 70-214 yesterday, with a score of 878, not to bad, my weakness

    was
    > > PKI & certificate issuing, which I though I was ok on. Will be reviewing
    > > that topic before I take 70-218 after Christmas!
    > >
    > > Ben
    > >
    > > IT Professional, MCP 70-210, 70-214, 70-215
    > > "On my way to becoming fully certifiable!"
    > >
    > > P.S. Merry Christmas Everyone!
    > >
    > >

    >
    >
    Ben, Dec 16, 2004
    #3
  4. OK Ben. Good luck!

    To enable ssl that will encrypt all web traffic to that server via https you
    only need a certificate/private key on the web server, kind of like when you
    go to Amazon or such and order something and see that it is a secure
    connection. --- Steve


    "Ben" <> wrote in message
    news:ubr%...
    > Hi Steve,
    >
    > Thanks for the info, it's given me some good bedtime reading! I hear there
    > is a 3 day course on PKI, which I might try and get my company to send me
    > on. I also have a few books, but it's trying to find the time to read
    > them.
    >
    > I believe some of the questions I got wrong were based around who should
    > have a certificate when trying to secure communications i.e. how do you
    > secure the accounts web server - install a certificate on the web server,
    > install a certificate on the accountants PC, or issue a certificate to the
    > accountant user
    >
    > Can't remember which I said now, think I changed my answer when I went
    > back
    > and reviewed the questions.
    >
    > Anyway, many thanks for your help!
    >
    > Ben
    >
    > "Steven L Umbach" <> wrote in message
    > news:ZH_vd.237050$HA.182413@attbi_s01...
    >> Congrats. There is not a lot of info on W2K PKI. There is tons of it for
    >> W2003 and MOST will apply if you remember that type two certificate
    >> templates only apply to Windows 2003 Enterprise Server CA. Otherwise the
    >> links below may help.
    >>
    >>

    > http://www.microsoft.com/windows2000/techinfo/planning/security/advcertsteps.asp
    >>

    > http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp
    >>
    >> Other key points.
    >>
    >> -- Only enterprise CA can issue smart card certificates.
    >> -- Enterprise CA can only be installed on domain computers.
    >> -- User can request certificate through mmc only if the are a domain me

    > in
    >> a domain with an enterprise CA.
    >> -- Stand alone CA's only allow users to enroll through Web Enrollment.
    >> -- User needs read and enroll permissions to certificate template to get

    > a
    >> certificate.
    >> -- L2tp requires machine certificate on VPN client and VPN server.
    >> -- Certificate templates are managed through AD Sites and Services but

    > you
    >> need to select view for services.
    >> -- The issuing CA's certificate needs to be in a computer's local
    >> certificate store for "trusted root certificates"
    >> before it will trust certificates presented to it from that CA.
    >>
    >> Steve
    >>
    >>
    >> "Ben" <> wrote in message
    >> news:%...
    >> > Passed 70-214 yesterday, with a score of 878, not to bad, my weakness

    > was
    >> > PKI & certificate issuing, which I though I was ok on. Will be
    >> > reviewing
    >> > that topic before I take 70-218 after Christmas!
    >> >
    >> > Ben
    >> >
    >> > IT Professional, MCP 70-210, 70-214, 70-215
    >> > "On my way to becoming fully certifiable!"
    >> >
    >> > P.S. Merry Christmas Everyone!
    >> >
    >> >

    >>
    >>

    >
    >
    Steven L Umbach, Dec 16, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ben
    Replies:
    4
    Views:
    464
    Christopher...
    Aug 13, 2003
  2. Paul

    Passed 70-214 today!

    Paul, Aug 23, 2003, in forum: MCSE
    Replies:
    4
    Views:
    443
    =?Utf-8?B?TWlrZSBT?=
    Oct 9, 2003
  3. Brendon Rogers

    Passed 70-214

    Brendon Rogers, Oct 28, 2003, in forum: MCSE
    Replies:
    5
    Views:
    411
    Rowdy
    Oct 29, 2003
  4. Nettransplant

    70-214 passed

    Nettransplant, Nov 12, 2003, in forum: MCSE
    Replies:
    7
    Views:
    453
    Marlin Munrow
    Nov 16, 2003
  5. Mark Scott

    Passed 214 today, on to 224!

    Mark Scott, Feb 19, 2004, in forum: MCSE
    Replies:
    3
    Views:
    415
Loading...

Share This Page