Chapter 4 Review

Which of these is NOT part of the certificate life cycle? A. Creation B. Expiration C. Revocation D. Authorization

Authorization

Which trust model has multiple CAs, one of which acts as a facilitator? A. Hierarchical B. Bridge C. Distributed D. Web

Bridge

The strongest technology that would assure Alice that Bob is the sender of a message is a(n) ________. A. Digital Signature B. Digest C. Encrypted Signature D. Digital Certificate

Digital Certificate

Which of the following block ciphers XORs each block of plaintext with the previous block of ciphertext before being encrypted? A. Cipher Block Chaining (CBC) B. Electronic Code Book (ECB) C. Counter (CTR) D. Galois/Counter (GCM)

Cipher Block Chaining (CBC)

What entity calls in crypto modules to perform cryptographic tasks? A. Intermediate CA B. Crypto service provider C. OCSP Chain D. Certificate Authority (CA)

Crypto service provider

________ performs a real-time lookup of a digital certificate's status. A. Online Certificate Status Protocol (OCSP) B. Certificate Revocation List (CRL) C. Real-Time CA Verification (RTCAV) D. CA Registry Database (CARD)

Online Certificate Status Protocol (OCSP)

Which of the following is NOT a method for strengthening a key? A. Length B. Randomness C. Cryptoperiod D. Variability

Variability

An entity that issues digital certificates is a ________. A. Signature Authority (SA) B. Certificate Authority (CA) C. Digital Signer (DS) D. Certificate Signatory (CS)

Certificate Authority (CA)

A(n) ________ is a published set of rules that govern the operation of a PKI. A. Certificate Practice Statement (CPS) B. Signature Resource Guide (SRG) C. Certificate Policy (CP) D. Enforcement Certificate (EF)

Certificate Policy (CP)

A centralized directory of digital certificates is called a(n) ________. A. Certificate Repository (CR) B. Authorized Digital Signature (ADS) C. Digital Signature Approval List (DSAP) D. Digital Signature Permitted Authorization (DSPA)

Certificate Repository (CR)

Which digital certificate displays the name of the entity behind the website? A. Session Certificate B. Online Certificate Status Certificate C. Extended Validation (EV) Certificate D. X.509 Certificate

Extended Validation (EV) Certificate

The security administrator for Conglomerate.com has been been directed by the CIO to reduce the cost of certificates. Which of the following is the FIRST step that should be taken? A. Generate shared public and private keys. B. Install a CA C. Establish a key escrow policy D. Install a RA

Install a CA

Which statement is NOT true regarding hierarchical trust models? A. It is designed for use on a large scale. B. The root signs all digital certificate authorities with a single key. C. It assigns a single hierarchy with one master CA. D. The master CA is called the root.

It is designed for use on a large scale.

________ refers to a situation in which keys are managed by a third party, such as a trusted CA. A. Key Authorization B. Remote Key Administration C. Trusted Key Authority D. Key Escrow

Key Escrow

In Active Directory, what does authorization? A. TACACS+ B. LDAP C. RADIUS D. Kerberos E. SAML

LDAP

What is the faster way for browsers to obtain the revocation status of a digital certificate attached to a Web site? A. Blowfish B. CRL C. OCSP D. Bcrypt E. PBKDF2

OCSP

Which of the following may be used as an alternative to CRLs? A. Root CA B. Cert Escrow C. OCSP D. CSR E. Subordinate CA

OCSP

What is a value that can be used to ensure that hashed plaintext will not consistently result in the same digest? A. Salt B. Algorithm C. Nonce D. Initialization Vector (IV)

Salt

________ is a protocol for securely accessing a remote computer. A. Secure Sockets Layer (SSL) B. Secure Shell (SSH) C. Secure Hypertext Transport Protocol (SHTTP) D. Transport Layer Security (TLS)

Secure Shell (SSH)

________ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. A. Digital Digests B. Encrypted Signatures C. Session Keys D. Digital Certificates

Session Keys

Which of these is considered the strongest cryptographic transport protocol? A. TLS v1.2 B. SSL v2.0 C. TLS v1.0 D. SSL v2.0

TLS v1.2

Public key infrastructure (PKI) ________. A. requires the use of an RA instead of a CA B. creates private key cryptography C. generates public/private keys automatically D. is the management of digital certificates

is the management of digital certificates

A digital certificate associates ________. A. the user's identity with his public key B. a private key with a digital signature C. a user's public key with his private key D. a user's private key with the public key

the user's identity with his public key

Digital certificates can be used for each of these EXCEPT ________. A. to encrypt channels to provide secure communication between clients and servers B. to encrypt messages for secure email communications C. to verify the identity of clients and servers on the Web D. to verify the authenticity of the Registration Authorizer

to verify the authenticity of the Registration Authorizer

A Digital signature is a piece of data digest encrypted with: A. The public key of the key escrow. B. The private key of the receiver. C. The private key of the signer. D. The public key of the receiver. E. The public key of the signer.

The private key of the signer.