7.5 Public Key Infrastructure

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What is the lifecycle of an encryption key?

About a one time use.

A private key has been stolen. Which action should you take to deal with this crisis? - Delete the public key - Recover the private key from escrow - Add the digital certificate to the CRL - Place the private key in escrow

Add the digital certificate to the CRL

Which trust model would be used to connect the CAs of two organization's?

Bridge Trust model.

Which standard defines the format of certificates?

509 Standard

Certificate authorities

Certificate authorities are reputable organizations that are responsible for issuing public certificates to companies or organizations that want to securely communicate over the internet.

Certificate chaining

Certificate authorities are usually setup in a hierarchy of multiple CAs to increase security. This structure is known as certificate chaining or the chain of trust.

To obtain a digital certificate and participate in a public key infrastructure (PKI), what must be submitted and where? - Identifying data with the 3DES block cipher to the hosting certificate authority (CA) - Identifying data and a secret key request to the subordinate distribution authority (DA) - Identifying data with the MAC and IP addresses to the root certificate authority (CA) - Identifying data and a certification request to the registration authority (RA)

Identifying data and a certification request to the registration authority (RA)

You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible. Which service should you use to solve this problem? - RA - OCSP - CSP - Key escrow

Key escrow

In the certificate authority trust model known as a hierarchy, where does trust start? - Registration authority - Third-party CA - Issuing CA - Root CA

Root CA

An SSL client has determined that the certificate authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity? - The domain on the server certificate must match the CA's domain name. - The post-master secret must initiate subsequent communication. - The CA's public key must validate the CA's digital signature on the server certificate. - The master secret is generated from common key code.

The CA's public key must validate the CA's digital signature on the server certificate.

Which of the following would require that a certificate be placed on the CRL? - The signature key size is revealed. - The private key is compromised. - The encryption key algorithm is revealed. - The certificate validity period is exceeded.

The private key is compromised.

X.509

The standard that defines the format of certificates.

What is the role of a certificate authority (CA)?

Validates the information and issues the certificate.

Which standard is most widely used for certificates? - SSL v.3.0 - 802.1x - X.509 - HTTP 1.1

X.509

Which of the following items are contained in a digital certificate? (Select two.) - Root CA secret key - Public key - Validity period - Private key

- Public key - Validity period

What are the types of certificates?

- Root Certificate - Subject Alternative Name (SAN) - Wildcard Certificate - Code Signing Certificate - Self-Signed Certificate - Email Certificate - User and Computer Certificate

Trust model

A PKI uses a trust model to establish trust between two communicating entities. Depending on the number of CAs being implemented and the use, there are a few configurations that can be used to setup certificate authorities.

A PKI is an implementation for managing which type of encryption? - Hashing - Asymmetric - Steganography - Symmetric

Asymmetric

Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments? - Key escrow - Online Certificate Status Protocol - Certificate Revocation List - Private key recovery

Online Certificate Status Protocol

Public key infrastructure(PKI)

PKI is an environment in which public encryption keys can be created and managed throughout the key lifecycle.


Kaugnay na mga set ng pag-aaral

AFA Final Exam Practice Questions

View Set

D-A-CH KULTUR + CULTURE of GERMANY-AUSTRIA-SWITZERLAND What comes from D-A-CH?

View Set

Business Policy and Strategic Management Ch 1-3

View Set

Mental Health Unit 3: Obsessive Compulsive and Other Disorders

View Set

Con Law: Chapter 7 (Reconstruction Amendments)

View Set

AVMT 2070- Aircraft Landing Gear

View Set

MOBILITY TECHNIQUES & DEVICES - LIPPINCOTT - PREP U

View Set