New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GSLC Exam - Topic 2 Question 48 Discussion

Actual exam question for GIAC's GSLC exam
Question #: 48
Topic #: 2
[All GSLC Questions]

You work as a Network Administrator for Net World International. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. All client computers on the network run Windows XP Professional.

You configure a public key infrastructure (PKI) on the network. You configure a root CA and a subordinate CA on the network. For security reasons, you want to take the root CA offline. You are required to configure the CA servers to support for certificate revocation. Choose the steps you will require to accomplish the task.

A .

Show Suggested Answer Hide Answer
Suggested Answer: B

by Onita at May 29, 2024, 12:20 AM

Limited Time Offer

25%

Off

Get Premium GSLC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lino
3 months ago
Agreed, but it's still a common setup in many places.
upvoted 0 times
...
Enola
3 months ago
Wait, are we sure about the Windows Server 2003 setup? Seems outdated.
upvoted 0 times
...
Fatima
3 months ago
You need to configure CRLs for revocation support.
upvoted 0 times
...
Paul
4 months ago
I think taking it offline is a bit risky though.
upvoted 0 times
...
Brande
4 months ago
Root CA should definitely be offline for security!
upvoted 0 times
...
Nathalie
4 months ago
I vaguely remember something about publishing the CRL and ensuring the subordinate CA is configured correctly. I just need to focus on the order of operations.
upvoted 0 times
...
Giuseppe
4 months ago
I feel like I might confuse the steps for revocation with the initial CA setup. I hope the options are clear enough to help me choose the right one.
upvoted 0 times
...
Elenora
4 months ago
I think we practiced a similar question about setting up a subordinate CA. I believe it involves configuring the CRL distribution points, but I can't recall the details.
upvoted 0 times
...
Dominga
5 months ago
I remember we discussed the importance of taking the root CA offline for security, but I'm not entirely sure about the exact steps for configuring certificate revocation.
upvoted 0 times
...
Silvana
5 months ago
This question covers a lot of PKI concepts. I'll need to take my time and make sure I understand each step before answering. Careful planning will be important here.
upvoted 0 times
...
Maxima
5 months ago
Okay, I think I've got a good handle on this. The key is to set up an Online Responder and configure the CRLs on the subordinate CA. I'll make sure to walk through that methodically.
upvoted 0 times
...
Cheryll
5 months ago
Hmm, I'm a bit unsure about the specifics of configuring the CAs to support certificate revocation. I'll need to double-check the details on that.
upvoted 0 times
...
Stefany
5 months ago
This seems like a straightforward PKI configuration question. I'll need to carefully review the steps to take the root CA offline while still supporting certificate revocation.
upvoted 0 times
...
Anisha
5 months ago
Ah, I've got it! The answer is C, GET_DDL. That's the SQL command that will show me the full CREATE definition of the masking policy.
upvoted 0 times
...
Matilda
5 months ago
I think we start with identifying capital addition projects first, right? It seems like that would be the logical first step.
upvoted 0 times
...
Karl
5 months ago
This seems like a straightforward question about consumer privacy directives. I'll focus on identifying the key points from the FTC report and matching them to the answer choices.
upvoted 0 times
...
Vallie
5 months ago
Hmm, I think the key here is to methodically check each of the configuration parameters mentioned in the answer choices. Matching the settings between the routers should resolve the EXSTART/EXCHANGE issue.
upvoted 0 times
...
Emeline
10 months ago
Remember, no peeking at your neighbor's screen during the exam! That's a one-way ticket to disqualification.
upvoted 0 times
Adelina
9 months ago
Yes, Option C seems like the right choice for configuring the CA servers to support certificate revocation.
upvoted 0 times
...
Shenika
9 months ago
I believe we should choose Option C to accomplish the task.
upvoted 0 times
...
Ahmad
10 months ago
I think we need to configure the CA servers to support for certificate revocation. What do you think?
upvoted 0 times
...
...
Erick
10 months ago
I'll go with Option A. Keeping the root CA offline and using OCSP and CRLs sounds like a solid security approach.
upvoted 0 times
Virgilio
9 months ago
User 4: It's important to follow best practices when it comes to PKI security.
upvoted 0 times
...
Dudley
9 months ago
User 3: Using OCSP and CRLs will help ensure certificate revocation is handled properly.
upvoted 0 times
...
Norah
10 months ago
User 2: Definitely, keeping the root CA offline adds an extra layer of protection.
upvoted 0 times
...
Joye
10 months ago
User 1: I agree, Option A seems like the best choice for security.
upvoted 0 times
...
...
Erick
10 months ago
Hmm, Option D has a funny name - 'All of the above'. I wonder if the exam writer has a sense of humor!
upvoted 0 times
...
Truman
10 months ago
I'm not sure, but Option C seems to involve the root CA being offline, which is what the question is asking for.
upvoted 0 times
Tarra
10 months ago
User 2: Yeah, I agree. Taking the root CA offline is crucial for security.
upvoted 0 times
...
Lenny
10 months ago
User 1: I think Option C is the right choice.
upvoted 0 times
...
...
Malcom
11 months ago
Option A looks like the right choice here. Configuring an Online Certificate Status Protocol (OCSP) server and publishing CRLs seem like the necessary steps to support certificate revocation.
upvoted 0 times
Darrel
10 months ago
Option D doesn't seem relevant for configuring CA servers to support certificate revocation. I would go with Option A.
upvoted 0 times
...
Kami
10 months ago
I'm not sure about Option C. It doesn't seem as necessary as the other options for supporting certificate revocation.
upvoted 0 times
...
Elfriede
10 months ago
I think Option B could also be a good choice. It's important to have a backup plan for certificate revocation.
upvoted 0 times
...
Tamekia
10 months ago
I agree, Option A seems like the best choice. Setting up an OCSP server is crucial for certificate revocation.
upvoted 0 times
...
...
Miles
11 months ago
I believe Option C might be the right choice for this task.
upvoted 0 times
...
Mi
11 months ago
I agree. It's important for security reasons to have that in place.
upvoted 0 times
...
Miles
11 months ago
I think we need to configure the CA servers to support certificate revocation.
upvoted 0 times
...

Save Cancel