Chapter 6

¡Supera tus tareas y exámenes ahora con Quizwiz!

Certificate Signing Request (CSR)

A _____ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. Certificate Signing Request (CSR) digital digest FQDN form digital certificate

Certificate Repository (CR)

A centralized directory of digital certificates is called a(n) _____. Digital Signature Approval List (DSAP) Certificate Repository (CR) Authorized Digital Signature (ADS) Digital Signature Permitted Authorization (DSPA)

the user's identity with his public key

A digital certificate associates _____. a user's private key with the public key a private key with a digital signature a user's public key with his private key the user's identity with his public key

Extended Validation SSL Certificate

A digital certificate that turns the address bar green is a(n) _____. Personal Web-Client Certificate Advanced Web Server Certificate (AWSC) X.509 Certificate Extended Validation SSL Certificate

Certificate practice statement (CPS)

A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as? Certificate practice statement (CPS) Certificate policy (CP) Lifecycle policy (LP) Access policy (AP)

certificate policy (CP)

A(n) _____ is a published set of rules that govern the operation of a PKI. enforcement certificate (EF) certificate practice statement (CPS) certificate policy (CP) signature resource guide (SRG)

are widely accepted in the industry

Public Key Cryptography Standards (PKCS) _____. are widely accepted in the industry are used to create public keys only define how hashing algorithms are created have been replaced by PKI

is the management of digital certificates

Public key infrastructure (PKI) _____. creates private key cryptography is the management of digital certificates requires the use of an RA instead of a CA generates public/private keys automatically

4096

SSL and TLS keys of what length are generally considered to be strong? ​128 ​1024 ​2048 ​4096

SSH

Select below the secure alternative to the telnet protocol: ​HTTPS ​TLS ​IPsec ​SSH

Hashing

What type of cryptographic algorithm can be used to ensure the integrity of a file's contents? Blocking Hashing Encrypting Cloning

bridge trust

What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs? bridge trust distributed trust third-party trust transitive trust

The hard-coded MAC address of the owner

Which of the following does a digital certificate NOT contain? Serial number of the digital certificate The hard-coded MAC address of the owner Name of the issuer Expiration date of the public key @pp 231

A facilitator interconnects CAs within a bridge trust model

Which of the following explains the importance of a facilitator? A facilitator expedites the certificate validation process A facilitator speeds up the process of blacklisting untrusted certificates A facilitator simplifies the use of digital certificates to end users A facilitator interconnects CAs within a bridge trust model

Authentication of the web server

Which of the following is provided by a server digital certificate? Integrity of the cryptographic connection Authentication the author of a book Secure email transmissions Authentication of the web server

CA Private key

Which of the following is used to digitally sign a certificate? CSR CA Public key Private key RA

authorization

Which of these is NOT part of the certificate life cycle? revocation authorization creation expiration

in digests

Which of these is NOT where keys can be stored? in tokens in digests on the user's local system embedded in digital certificates

SSL v2.0

Which of these is considered the weakest cryptographic transport protocol? SSL v2.0 TLS v1.0 TLS v1.1 TLS v1.3

It is designed for use on a large scale.

Which statement is NOT true regarding hierarchical trust models? The root signs all digital certificate authorities with a single key. It assigns a single hierarchy with one master CA. It is designed for use on a large scale. The master CA is called the root.

Certificate Authority (CA)

An entity that issues digital certificates is a _____. Certificate Authority (CA) Signature Authority (SA) Certificate Signatory (CS) Digital Signer (DS)

expiration

At what stage can a certificate no longer be used for any type of authentication? creation suspension revocation expiration

to verify the authenticity of the Registration Authorizer

Digital certificates can be used for each of these EXCEPT _____. to encrypt channels to provide secure communication between clients and servers to verify the identity of clients and servers on the Web to verify the authenticity of the Registration Authorizer to encrypt messages for secure email communications

TLS v1.2 is considered more secure than any version of SSL

How are TLS and SSL currently different in regards to security? TLS and SSL are interchangeable SSL is used externally and TLS is used within private networks TLS v1.2 is considered more secure than any version of SSL SSL v2.0 is more secure than TLS v1.1

Soft-fail

If a browser cannot connect to the OSCP responder, what does the browser receive in return? An SSL error message OCSP staple Soft-fail The browser crashes

server digital certificate

In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) _____ would be used. web digital certificate email web certificate server digital certificate personal digital certificate

IPSec

The Authentication Header (AH) protocol is a part of what encryption protocol suite below?​ ​TLS 3.0 ​IPSec GPG ​SSL

third

The ______-party trust model supports CA. first second third fourth

digital certificate

The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. digital signature encrypted signature digital certificate digest

Certificate Authorities can generate public key certificates

What is the biggest difference between a CA and an RA? RAs generate private keys and CAs generate public keys Certificate Authorities can generate public key certificates CAs primarily process certificate revocation requests RAs are more reliable than CAs

Registration Authority

What is the name for an organization that receives, authenticates, and processes certificate revocation requests? Registration Authority Certificate Authority Repudiation Authority Intermediate Authority

The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption

Why is a pre-master secret an important component of a web browser and web server handshake? The pre-master secret generates a pre-master key that creates asymmetric keys for the transmission The pre-master secret is what shares public and private keys between the involved parties The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption The pre-master secret generates a hash to ensure integrity of the encryption key

Renewing keys continues their lifespan, making them less reliable

Why would an administrator NOT renew a key? Once a key is renewed, it is no longer considered authenticated Renewing keys continues their lifespan, making them less reliable Usage of a key recovery agent is no longer an option Keys still provide authentication after expiration

Using one CA can be inconvenient when entities are located in different geographical areas

Why would an administrator choose to use multiple Registration Authorities when processing certificate requests? RAs cross-reference each other for authenticity The more third-parties sign a digital certificate, the more secure the certificate becomes RAs often become corrupt, which results in reliability fluctuation Using one CA can be inconvenient when entities are located in different geographical areas

Session keys

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. Session keys Encrypted signatures Digital digests Digital certificates

Secure Shell (SSH)

_____ is a protocol for securely accessing a remote computer. Secure Shell (SSH) Secure Sockets Layer (SSL) Secure Hypertext Transport Protocol (SHTTP) Transport Layer Security (TLS)

Online Certificate Status Protocol (OCSP)

_____ performs a real-time lookup of a digital certificate's status. Certificate Revocation List (CRL) Online Certificate Status Protocol (OCSP) CA Registry Database (CARD) Real-Time CA Verification (RTCAV)

Key escrow

_____ refers to a situation in which keys are managed by a third party, such as a trusted CA. Key escrow Remote key administration Trusted key authority Key authorization


Conjuntos de estudio relacionados

Entrepreneurship 6.1 Review (Practice)

View Set

Intro to business chapter 16 Investment Opportunities in the Securities Market

View Set

Economic Applications Midterm, 1 Material

View Set

NCLEX LPN Pharmacological Parenteral Therapies

View Set