Chapter 6
Certificate Signing Request (CSR)
A _____ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. Certificate Signing Request (CSR) digital digest FQDN form digital certificate
Certificate Repository (CR)
A centralized directory of digital certificates is called a(n) _____. Digital Signature Approval List (DSAP) Certificate Repository (CR) Authorized Digital Signature (ADS) Digital Signature Permitted Authorization (DSPA)
the user's identity with his public key
A digital certificate associates _____. a user's private key with the public key a private key with a digital signature a user's public key with his private key the user's identity with his public key
Extended Validation SSL Certificate
A digital certificate that turns the address bar green is a(n) _____. Personal Web-Client Certificate Advanced Web Server Certificate (AWSC) X.509 Certificate Extended Validation SSL Certificate
Certificate practice statement (CPS)
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as? Certificate practice statement (CPS) Certificate policy (CP) Lifecycle policy (LP) Access policy (AP)
certificate policy (CP)
A(n) _____ is a published set of rules that govern the operation of a PKI. enforcement certificate (EF) certificate practice statement (CPS) certificate policy (CP) signature resource guide (SRG)
are widely accepted in the industry
Public Key Cryptography Standards (PKCS) _____. are widely accepted in the industry are used to create public keys only define how hashing algorithms are created have been replaced by PKI
is the management of digital certificates
Public key infrastructure (PKI) _____. creates private key cryptography is the management of digital certificates requires the use of an RA instead of a CA generates public/private keys automatically
4096
SSL and TLS keys of what length are generally considered to be strong? 128 1024 2048 4096
SSH
Select below the secure alternative to the telnet protocol: HTTPS TLS IPsec SSH
Hashing
What type of cryptographic algorithm can be used to ensure the integrity of a file's contents? Blocking Hashing Encrypting Cloning
bridge trust
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs? bridge trust distributed trust third-party trust transitive trust
The hard-coded MAC address of the owner
Which of the following does a digital certificate NOT contain? Serial number of the digital certificate The hard-coded MAC address of the owner Name of the issuer Expiration date of the public key @pp 231
A facilitator interconnects CAs within a bridge trust model
Which of the following explains the importance of a facilitator? A facilitator expedites the certificate validation process A facilitator speeds up the process of blacklisting untrusted certificates A facilitator simplifies the use of digital certificates to end users A facilitator interconnects CAs within a bridge trust model
Authentication of the web server
Which of the following is provided by a server digital certificate? Integrity of the cryptographic connection Authentication of the author of a book Secure email transmissions Authentication of the web server
CA Private key
Which of the following is used to digitally sign a certificate? CSR CA Public key Private key RA
authorization
Which of these is NOT part of the certificate life cycle? revocation authorization creation expiration
in digests
Which of these is NOT where keys can be stored? in tokens in digests on the user's local system embedded in digital certificates
SSL v2.0
Which of these is considered the weakest cryptographic transport protocol? SSL v2.0 TLS v1.0 TLS v1.1 TLS v1.3
It is designed for use on a large scale.
Which statement is NOT true regarding hierarchical trust models? The root signs all digital certificate authorities with a single key. It assigns a single hierarchy with one master CA. It is designed for use on a large scale. The master CA is called the root.
Certificate Authority (CA)
An entity that issues digital certificates is a _____. Certificate Authority (CA) Signature Authority (SA) Certificate Signatory (CS) Digital Signer (DS)
expiration
At what stage can a certificate no longer be used for any type of authentication? creation suspension revocation expiration
to verify the authenticity of the Registration Authorizer
Digital certificates can be used for each of these EXCEPT _____. to encrypt channels to provide secure communication between clients and servers to verify the identity of clients and servers on the Web to verify the authenticity of the Registration Authorizer to encrypt messages for secure email communications
TLS v1.2 is considered more secure than any version of SSL
How are TLS and SSL currently different with regard to security? TLS and SSL are interchangeable SSL is used externally and TLS is used within private networks TLS v1.2 is considered more secure than any version of SSL SSL v2.0 is more secure than TLS v1.1
Soft-fail
If a browser cannot connect to the OCSP responder, what does the browser receive in return? An SSL error message OCSP staple Soft-fail The browser crashes
server digital certificate
In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) _____ would be used. web digital certificate email web certificate server digital certificate personal digital certificate
IPSec
The Authentication Header (AH) protocol is a part of what encryption protocol suite below? TLS 3.0 IPSec GPG SSL
third
The ______-party trust model supports CA. first second third fourth
digital certificate
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. digital signature encrypted signature digital certificate digest
Certificate Authorities can generate public key certificates
What is the biggest difference between a CA and an RA? RAs generate private keys and CAs generate public keys Certificate Authorities can generate public key certificates CAs primarily process certificate revocation requests RAs are more reliable than CAs
Registration Authority
What is the name for an organization that receives, authenticates, and processes certificate revocation requests? Registration Authority Certificate Authority Repudiation Authority Intermediate Authority
The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption
Why is a pre-master secret an important component of a web browser and web server handshake? The pre-master secret generates a pre-master key that creates asymmetric keys for the transmission The pre-master secret is what shares public and private keys between the involved parties The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption The pre-master secret generates a hash to ensure integrity of the encryption key
Renewing keys continues their lifespan, making them less reliable
Why would an administrator NOT renew a key? Once a key is renewed, it is no longer considered authenticated Renewing keys continues their lifespan, making them less reliable Usage of a key recovery agent is no longer an option Keys still provide authentication after expiration
Using one CA can be inconvenient when entities are located in different geographical areas
Why would an administrator choose to use multiple Registration Authorities when processing certificate requests? RAs cross-reference each other for authenticity The more third-parties sign a digital certificate, the more secure the certificate becomes RAs often become corrupt, which results in reliability fluctuation Using one CA can be inconvenient when entities are located in different geographical areas
Session keys
_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. Session keys Encrypted signatures Digital digests Digital certificates
Secure Shell (SSH)
_____ is a protocol for securely accessing a remote computer. Secure Shell (SSH) Secure Sockets Layer (SSL) Secure Hypertext Transport Protocol (SHTTP) Transport Layer Security (TLS)
Online Certificate Status Protocol (OCSP)
_____ performs a real-time lookup of a digital certificate's status. Certificate Revocation List (CRL) Online Certificate Status Protocol (OCSP) CA Registry Database (CARD) Real-Time CA Verification (RTCAV)
Key escrow
_____ refers to a situation in which keys are managed by a third party, such as a trusted CA. Key escrow Remote key administration Trusted key authority Key authorization