Security+ CH 6

¡Supera tus tareas y exámenes ahora con Quizwiz!

​SSL and TLS keys of what length are generally considered to be strong? 128 1024 2048 4096

4096

Public Key Cryptography Standards (PKCS) _____. are widely accepted in the industry are used to create public keys only define how hashing algorithms are created have been replaced by PKI

are widely accepted in the industry

Which of these is NOT part of the certificate life cycle? revocation authorization creation expiration

authorization

A _____ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. Certificate Signing Request (CSR) digital digest FQDN form digital certificate

Certificate Signing Request (CSR)

Select below the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: Registration Authority Delegation Authority Certification Authority Participation Authority

Certification Authority

_____ performs a real-time lookup of a digital certificate's status. Certificate Revocation List (CRL) Online Certificate Status Protocol (OCSP) CA Registry Database (CARD) Real-Time CA Verification (RTCAV)

Online Certificate Status Protocol (OCSP)

Why would an administrator NOT renew a key? Once a key is renewed, it is no longer considered authenticated Renewing keys continues their lifespan, making them less reliable Usage of a key recovery agent is no longer an option Keys still provide authentication after expiration

Renewing keys continues their lifespan, making them less reliable

_____ is a protocol for securely accessing a remote computer. Secure Shell (SSH) Secure Sockets Layer (SSL) Secure Hypertext Transport Protocol (SHTTP) Transport Layer Security (TLS)

Secure Shell (SSH)

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. Session Keys Encrypted signatures Digital digests Digital Certificates

Session Keys

​SSL and TLS keys of what length are generally considered to be strong? AES HTTPS ESSL TLS

TLS

A digital certificate associates _____. a user's private key with the public key a private key with a digital signature a user's public key with his private key the user's identity with his public key

the user's identity with his public key

Digital certificates can be used for each of these EXCEPT _____. to encrypt channels to provide secure communication between clients and servers to verify the identity of clients and servers on the Web to verify the authenticity of the Registration Authorizer to encrypt messages for secure email communications

to verify the authenticity of the Registration Authorizer

What is the purpose of suspending a digital certificate rather than revoking it? To ensure the certificate goes through the proper disposal procedures before revocation To limit use of a certificate after an employee temporarily leaves When a certificate is compromised, a suspension can be used while the certificate's key is modified to become secure once again There is no suspension of certificates; all digital certificates must be revoked then recreated

To limit use of a certificate after an employee temporarily leaves

An entity that issues digital certificates is a _____. Certificate Authority (CA) Signature Authority (SA) Certificate Signatory (CS) Digital Signer (DS)

Certificate Authority (CA)

A centralized directory of digital certificates is called a(n) _____. Digital Signature Approval List (DSAP) Certificate Repository (CR) Authorized Digital Signature (ADS) Digital Signature Permitted Authorization (DSPA)

Certificate Repository (CR)

Which of these is considered the weakest cryptographic transport protocol? SSL v2.0 TLS v1.0 TLS v1.1 TLS v1.3

SSL v2.0

A(n) _____ is a published set of rules that govern the operation of a PKI. enforcement certificate (EF) certificate practice statement (CPS) certificate policy (CP) signature resource guide (SRG)

certificate policy (CP)

Which of these is NOT where keys can be stored? in tokens in digests on the user's local system embedded in digital certificates

in digests

Public key infrastructure (PKI) _____. creates private key cryptography is the management of digital certificates requires the use of an RA instead of a CA generates public/private keys automatically

is the management of digital certificates

PKI consists of all of the following EXCEPT what? procedures practices software people

practices

The ______-party trust model supports CA. first second third fourth

third

A digital certificate that turns the address bar green is a(n) _____. Personal Web-Client Certificate Advanced Web Server Certificate (AWSC) X.509 Certificate Extended Validation SSL Certificate

Extended Validation SSL Certificate

Which statement is NOT true regarding hierarchical trust models? The root signs all digital certificate authorities with a single key. It assigns a single hierarchy with one master CA. It is designed for use on a large scale. The master CA is called the root.

It is designed for use on a large scale.

The process by which keys are managed by a third party, such as a trusted CA, is known as? Key escrow Key destruction Key renewal Key managment

Key escrow

_____ refers to a situation in which keys are managed by a third party, such as a trusted CA. Key escrow Remote key administration Trusted key authority Key authorization

Key escrow

How are TLS and SSL currently different in regards to security? TLS and SSL are interchangeable SSL is used externally and TLS is used within private networks TLS v1.2 is considered more secure than any version of SSL SSL v2.0 is more secure than TLS v1.1

TLS v1.2 is considered more secure than any version of SSL

Which of the following does a digital certificate NOT contain? Serial number of the digital certificate The hard-coded MAC address of the owner Name of the issuer Expiration date of the public key @pp 231

The hard-coded MAC address of the owner

The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. digital signature encrypted signature digital certificate digest

digital certificate

Why is IPsec considered to be a transparent security protocol?​ ​IPsec packets can be viewed by anyone ​IPsec is designed to not require modifications of programs, or additional training, or additional client setup ​IPsec's design and packet header contents are open sourced technologies ​IPsec uses the Transparent Encryption (TE) algorithm

​IPsec is designed to not require modifications of programs, or additional training, or additional client setup


Conjuntos de estudio relacionados

CompTIA® Security+ Guide to Network Security Fundamentals - Chapter 1 - Introduction to Security

View Set

10.33.R The Pilgrim's Progress, Chapters 2-3; Allusions

View Set

Test 2 Medications: Immune, Oncology, Integumentary

View Set

Tx Teachers / Part 3: Planning Effective Lessons (Quizzes)

View Set