Security Chapters 6 and 7
A CA has been compromised and attackers start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity? A. Key Escrow B. Private Key Verification C. Public Key Verification D. Certificate Revocation List (CRL)
D. Certificate Revocation List (CRL)
Which of these is the Cryptographic Message Syntax Standard, which describes the general syntax used for cryptographic data, such as digital signatures? a. PKCS #7 b. PKCS #10
a. PKCS #7
This is the topmost CA in the hierarchy and, consequently, the most trusted authority. a. Root CA b. Public CA c. Private CA d. Subordinate CA e. Offline Root CA
a. Root CA
This agreement clearly defines what services are to be provided to the client and what support, if any, will be provided. a. SLA b. BPA c. MOU
a. SLA
The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank certificates are still valid? A. Bank's CRL B. Bank's private key C. Bank's key escrow D. Bank's recovery agent
A. Bank's CRL
A company employee needs a certificate to encrypt data. Which of the following would issue a certificate? A. Certificate Authority (CA) B. Key escrow C. Key Escrow Agent D. Registration Authority
A. Certificate Authority (CA)
Which of the following is NOT a factor in the certificate life cycle? a. length of key b. strength of cryptography c. risk of attack d. PKI
D. PKI
Which of the following provides a static record of all certificates that are no longer valid? A. private key B. recovery agent C. CRL D. key escrow
C. CRL
A company's security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the first step the administrator should take? A. install a registration server B. generate shared public and private keys C. install a CA D. Establish a key escrow policy
C. install a CA
This is information that should not be provided to individuals outside of the enterprise. a. corporate confidential b. personal confidential c. private d. trade secret e. client confidential
a. corporate confidential
Which of these verifies the identity of entities? a. digital certificates b. certificate authority (CA) c. registration authority (RA) d. certificate repository database e. certificate management system f. certificate signing request
a. digital certificates
This is the sixth step in the Certificate Enrollment process. a. Entity notified b. Certificate installed c. entity requests certificate d. policy applied to request e. RA authenticates entity f. CA issues certificate g. Request sent to CA
a. entity notified
Using proper procedures for gathering evidence from storage devices such as hard drives, floppy disks, and smart cards in order to ensure the integrity of the evidence so that tampering with evidence is not possible. a. evidence collection b. evidence preservation c. chain of custody d. jurisdiction
a. evidence collection
This is where the life cycle begins, when the root CA has assigned its self-signed key pair. The root CA then begins assigning certificates to other CAs and end users. a. Issuance b. Enrollment c. Renewal d. Revocation e. Expiration f. Suspension
a. issuance
A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user's digital certificate. Which of the following will help resolve the issue? (Choose two) a. revoke the digital certificate b. mark the key as private and import it c. restore the certificate using a CRL d. issue a new digital certificate e. restore the certificate using a recovery agent
a. revoke the digital certificate and d. issue a new digital certificate
Which of the following is in the recommended temperature range for a computer facility? a. 56 F b. 73 F c. 78 F d. 81 F
b. 73 F
This agreement defines how a partnership between business entities will be conducted and what exactly is expected of each entity in terms of services, finances, and security. The agreement should describe exactly what the partners are willing to share with each other, and how any inter-organizational access will be handled. a. SLA b. BPA c. MOU
b. BPA
Which of these is the Certification Request Syntax Standard, which describes the syntax used to request certification of a public key and other information? a. PKCS #7 b. PKCS #10
b. PKCS #10
This is a CA that is created by a third-party or commercial vendor for general access by the public. a. Root CA b. Public CA c. Private CA d. Subordinate CA e. Offline Root CA
b. Public CA
Which of these issues digital certificates to computers, users, or applications? a. digital certificates b. certificate authority (CA) c. registration authority (RA) d. certificate repository database e. certificate management system f. certificate signing request
b. certificate authority (CA)
This is the last step in the Certificate Enrollment process. a. Entity notified b. Certificate installed c. entity requests certificate d. policy applied to request e. RA authenticates entity f. CA issues certificate g. Request sent to CA
b. certificate installed
Which of these is an electronic document that associates credentials with a public key? a. key escrow b. digital certificate c. certificate authority d. registration server
b. digital certificate
Users and other entities can now obtain certificates from the CA, through this process. a. Issuance b. Enrollment c. Renewal d. Revocation e. Expiration f. Suspension
b. enrollment
Criminal cases or even internal security incidents can take months or years to resolve. Companies must be able to properly secure and store all gathered evidence for a lengthy period of time. a. evidence collection b. evidence preservation c. chain of custody d. jurisdiction
b. evidence preservation
Information of a personal nature that should be protected. a. corporate confidential b. personal confidential c. private d. trade secret e. client confidential
b. personal confidential
What is the recommended humidity range in a computer facility? a. 20-40% b. 30-50% c. 40-60% d. minimum of 80%
c. 40-60%
This is the first step in the Certificate Enrollment process. a. Entity notified b. Certificate installed c. entity requests certificate d. policy applied to request e. RA authenticates entity f. CA issues certificate g. Request sent to CA
c. Entity requests certificate
This type of agreement is usually not legally binding and typically does not involve the exchange of money. They are less formal than traditional contracts, but still have a certain degree of significance to all parties involved. a. SLA b. BPA c. MOU
c. MOU
Which of the following is NOT part of a Public Key Infrastructure (PKI)? a. CA b. certificate c. RADIUS Server d. cryptographic components
c. RADIUS server
When logging visitors, which of the following is NOT required to document? a. name b. date and time of visit c. all areas accessed during visit d. contact within the organization
c. all areas accessed during visit
A maintained list of all entities that have handled any items involved in an investigation, and also where and how the evidence was stored. a. evidence collection b. evidence preservation c. chain of custody d. jurisdiction
c. chain of custody
Correspondence between two people that should be safeguarded and not be accessible to others. a. corporate confidential b. personal confidential c. private d. trade secret e. client confidential
c. private
This is a CA created by a company for use primarily within the company itself. a. Root CA b. Public CA c. Private CA d. Subordinate CA e. Offline Root CA
c. private CA
Which of these is responsible for verifying users' identities and approving or denying requests for digital certificates? a. digital certificates b. certificate authority (CA) c. registration authority (RA) d. certificate repository database e. certificate management system f. certificate signing request
c. registration authority (RA)
Certificates can be reissued more than once depending on the certificate policy parameters in this process. a. Issuance b. Enrollment c. Renewal d. Revocation e. Expiration f. Suspension
c. renewal
Which of these stores digital certificates? a. digital certificates b. certificate authority (CA) c. registration authority (RA) d. certificate repository database e. certificate management system f. certificate signing request
d. certificate repository database
Who has the right to investigate/prosecute a particular case? a. evidence collection b. evidence preservation c. chain of custody d. jurisdiction
d. jurisdiction
This is the third step in the Certificate Enrollment process. a. Entity notified b. Certificate installed c. entity requests certificate d. policy applied to request e. RA authenticates entity f. CA issues certificate g. Request sent to CA
d. policy applied to request
Certificates can be cancelled or blocked before their expiration date, which renders them permanently invalid. This can happen for a variety of reasons, including misuse, loss, or compromise. a. Issuance b. Enrollment c. Renewal d. Revocation e. Expiration f. Suspension
d. revocation
This is any CA below the root in the hierarchy. a. Root CA b. Public CA c. Private CA d. Subordinate CA e. Offline Root CA
d. subordinate CA
Corporate intellectual property that, if released, will present serious damage to the company's ability to protect patents and processes. a. corporate confidential b. personal confidential c. private d. trade secret e. client confidential
d. trade secret
This is a strategy that ensures that the root CA is not accessible by anyone on the network and thus, it is much less likely to be compromised. a. Root CA b. Public CA c. Private CA d. Subordinate CA e. Offline Root CA
e. Offline Root CA
This is the second step in the Certificate Enrollment process. a. Entity notified b. Certificate installed c. entity requests certificate d. policy applied to request e. RA authenticates entity f. CA issues certificate g. Request sent to CA
e. RA authenticates entity
Which of these provides software tools to perform the day-to-day functions of the PKI? a. digital certificates b. certificate authority (CA) c. registration authority (RA) d. certificate repository database e. certificate management system f. certificate signing request
e. certificate management system
Corporate information or intellectual property that is protected by an NDA. Typically used to keep a company's customer information confidential. a. corporate confidential b. personal confidential c. private d. trade secret e. client confidential
e. client confidential
Certificates are only good for a given length of time, which is established in the certificate policy and configured in the issuing CA. The parameter is part of the certificate data. If the root CA's certificate exceeds the date, the entire CA becomes invalid. a. Issuance b. Enrollment c. Renewal d. Revocation e. Expiration f. Suspension
e. expiration
This is the fifth step in the Certificate Enrollment process. a. Entity notified b. Certificate installed c. entity requests certificate d. policy applied to request e. RA authenticates entity f. CA issues certificate g. Request sent to CA
f. CA issues certificate
Which of these sends a message to a CA in which a resource applies for a certificate? a. digital certificates b. certificate authority (CA) c. registration authority (RA) d. certificate repository database e. certificate management system f. certificate signing request
f. certificate signing request
Some CAs support temporary denial or blocking of a certificate, in addition to permanent revocation. a. Issuance b. Enrollment c. Renewal d. Revocation e. Expiration f. Suspension
f. suspension
This is the fourth step in the Certificate Enrollment process. a. Entity notified b. Certificate installed c. entity requests certificate d. policy applied to request e. RA authenticates entity f. CA issues certificate g. Request sent to CA
g. request sent to CA