Chapter 6

What protocol below supports two encryption modes: transport and tunnel? A) HTTPS B) IPSec C) SSL D) TLS

IPSec

How are TLS and SSL currently different in regards to security? A) TLS and SSL are interchangeable B) SSL is used externally and TLS is used within private networks C) TLS v1.2 is considered more secure than any version of SSL D) SSL v2.0 is more secure than TLS v1.1

TLS v1.2 is considered more secure than any version of SSL

A digital certificate associates _____. A) a user's private key with the public key B) a private key with a digital signature C) a user's public key with his private key D) the user's identity with his public key

the user's identity with his public key

The ______-party trust model supports CA. A) first B) second C) third D) fourth

third

Digital certificates can be used for each of these EXCEPT _____. A) to encrypt channels to provide secure communication between clients and servers B) to verify the identity of clients and servers on the Web C) to verify the authenticity of the Registration Authorizer D) to encrypt messages for secure email communications

to verify the authenticity of the Registration Authorizer

The Authentication Header (AH) protocol is a part of what encryption protocol suite below?​ A) ​TLS 3.0 B) ​IPSec C) GPG D) ​SSL

​IPSec

An entity that issues digital certificates is a _____. A) Certificate Authority (CA) B) Signature Authority (SA) C) Certificate Signatory (CS) D) Digital Signer (DS)

Certificate Authority (CA)

A centralized directory of digital certificates is called a(n) _____. A) Digital Signature Approval List (DSAP) B) Certificate Repository (CR) C) Authorized Digital Signature (ADS) D) Digital Signature Permitted Authorization (DSPA)

Certificate Repository (CR)

A _____ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. A) Certificate Signing Request (CSR) B) digital digest C) FQDN form D) digital certificate

Certificate Signing Request (CSR)

A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as? A) Certificate practice statement (CPS) B) Certificate policy (CP) C) Lifecycle policy (LP) D) Access policy (AP)

Certificate practice statement (CPS)

Select below the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: A) Registration Authority B) Delegation Authority C) Certification Authority D) Participation Authority

Certification Authority

_____ performs a real-time lookup of a digital certificate's status. A) Certificate Revocation List (CRL) B) Online Certificate Status Protocol (OCSP) C) CA Registry Database (CARD) D) Real-Time CA Verification (RTCAV)

Online Certificate Status Protocol (OCSP)

A framework for all of the entities involved in digital certificates for digital certificate management is known as: A) Public key infrastructure B) Network key infrastructure C) Private key infrastructure D) Shared key infrastructure

Public key infrastructure

Which of these is considered the weakest cryptographic transport protocol? A) SSL v2.0 B) TLS v1.0 C) TLS v1.1 D) TLS v1.3

SSL v2.0

_____ is a protocol for securely accessing a remote computer. A) Secure Shell (SSH) B) Secure Sockets Layer (SSL) C) Secure Hypertext Transport Protocol (SHTTP) D) Transport Layer Security (TLS)

Secure Shell (SSH)

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. A) Session keys B) Encrypted signatures C) Digital digests D) Digital certificates

Session keys

What is involved in key escrow? A) A key is encrypted with several different random algorithms by a third party B) A key is downloaded from a third party every time it is used C) The key is split in two halves, then encrypted by a third party D) Fragments of a key are sent to several third parties and stored in different locations

The key is split in two halves, then encrypted by a third party

Why is a pre-master secret an important component of a web browser and web server handshake? A) The pre-master secret generates a pre-master key that creates asymmetric keys for the transmission B) The pre-master secret is what shares public and private keys between the involved parties C) The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption D) The pre-master secret generates a hash to ensure integrity of the encryption key

The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption

In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) _____ would be used. A) web digital certificate B) email web certificate C) server digital certificate D) personal digital certificate

server digital certificate

A digital certificate that turns the address bar green is a(n) _____. A) Personal Web-Client Certificate B) Advanced Web Server Certificate (AWSC) C) X.509 Certificate D) Extended Validation SSL Certificate

Extended Validation SSL Certificate

What type of cryptographic algorithm can be used to ensure the integrity of a file's contents? A) Blocking B) Hashing C) Encrypting D) Cloning

Hashing

Which statement is NOT true regarding hierarchical trust models? A) The root signs all digital certificate authorities with a single key. B) It assigns a single hierarchy with one master CA. C) It is designed for use on a large scale. D) The master CA is called the root.

It is designed for use on a large scale.

The process by which keys are managed by a third party, such as a trusted CA, is known as? A) Key escrow B) Key destruction C) Key renewal D) Key management

Key escrow

_____ refers to a situation in which keys are managed by a third party, such as a trusted CA. A) Key escrow B) Remote key administration C) Trusted key authority D) Key authorization

Key escrow

Public Key Cryptography Standards (PKCS) _____. A) are widely accepted in the industry B) are used to create public keys only C) define how hashing algorithms are created D) have been replaced by PKI

are widely accepted in the industry

Which of these is NOT part of the certificate life cycle? A) revocation B) authorization C) creation D) expiration

authorization

A(n) _____ is a published set of rules that govern the operation of a PKI. A) enforcement certificate (EF) B) certificate practice statement (CPS) C) certificate policy (CP) D) signature resource guide (SRG)

certificate policy (CP)

The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. A) digital signature B) encrypted signature C) digital certificate D) digest

digital certificate

Which of these is NOT where keys can be stored? A) in tokens B) in digests C) on the user's local system D) embedded in digital certificates

in digests

Public key infrastructure (PKI) _____. A) creates private key cryptography B) is the management of digital certificates C) requires the use of an RA instead of a CA D) generates public/private keys automatically

is the management of digital certificates