7.5 Public Key Infrastructure
What is the lifecycle of an encryption key?
About a one-time use.
A private key has been stolen. Which action should you take to deal with this crisis? - Delete the public key - Recover the private key from escrow - Add the digital certificate to the CRL - Place the private key in escrow
Add the digital certificate to the CRL
Which trust model would be used to connect the CAs of two organizations?
Bridge Trust model.
Which standard defines the format of certificates?
509 Standard
Certificate authorities
Certificate authorities are reputable organizations that are responsible for issuing public certificates to companies or organizations that want to securely communicate over the internet.
Certificate chaining
Certificate authorities are usually set up in a hierarchy of multiple CAs to increase security. This structure is known as certificate chaining or the chain of trust.
To obtain a digital certificate and participate in a public key infrastructure (PKI), what must be submitted and where? - Identifying data with the 3DES block cipher to the hosting certificate authority (CA) - Identifying data and a secret key request to the subordinate distribution authority (DA) - Identifying data with the MAC and IP addresses to the root certificate authority (CA) - Identifying data and a certification request to the registration authority (RA)
Identifying data and a certification request to the registration authority (RA)
You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible. Which service should you use to solve this problem? - RA - OCSP - CSP - Key escrow
Key escrow
In the certificate authority trust model known as a hierarchy, where does trust start? - Registration authority - Third-party CA - Issuing CA - Root CA
Root CA
An SSL client has determined that the certificate authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity? - The domain on the server certificate must match the CA's domain name. - The post-master secret must initiate subsequent communication. - The CA's public key must validate the CA's digital signature on the server certificate. - The master secret is generated from common key code.
The CA's public key must validate the CA's digital signature on the server certificate.
Which of the following would require that a certificate be placed on the CRL? - The signature key size is revealed. - The private key is compromised. - The encryption key algorithm is revealed. - The certificate validity period is exceeded.
The private key is compromised.
X.509
The standard that defines the format of certificates.
What is the role of a certificate authority (CA)?
Validates the information and issues the certificate.
Which standard is most widely used for certificates? - SSL v.3.0 - 802.1x - X.509 - HTTP 1.1
X.509
Which of the following items are contained in a digital certificate? (Select two.) - Root CA secret key - Public key - Validity period - Private key
- Public key - Validity period
What are the types of certificates?
- Root Certificate - Subject Alternative Name (SAN) - Wildcard Certificate - Code Signing Certificate - Self-Signed Certificate - Email Certificate - User and Computer Certificate
Trust model
A PKI uses a trust model to establish trust between two communicating entities. Depending on the number of CAs being implemented and the use, there are a few configurations that can be used to set up certificate authorities.
A PKI is an implementation for managing which type of encryption? - Hashing - Asymmetric - Steganography - Symmetric
Asymmetric
Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments? - Key escrow - Online Certificate Status Protocol - Certificate Revocation List - Private key recovery
Online Certificate Status Protocol
Public key infrastructure (PKI)
PKI is an environment in which public encryption keys can be created and managed throughout the key lifecycle.