Chapter 6
Which protocol below supports two encryption modes: transport and tunnel? A) HTTPS B) IPSec C) SSL D) TLS
IPSec
How are TLS and SSL currently different with regard to security? A) TLS and SSL are interchangeable B) SSL is used externally and TLS is used within private networks C) TLS v1.2 is considered more secure than any version of SSL D) SSL v2.0 is more secure than TLS v1.1
TLS v1.2 is considered more secure than any version of SSL
A digital certificate associates _____. A) a user's private key with the public key B) a private key with a digital signature C) a user's public key with his private key D) the user's identity with his public key
the user's identity with his public key
The ______-party trust model supports CA. A) first B) second C) third D) fourth
third
Digital certificates can be used for each of these EXCEPT _____. A) to encrypt channels to provide secure communication between clients and servers B) to verify the identity of clients and servers on the Web C) to verify the authenticity of the Registration Authorizer D) to encrypt messages for secure email communications
to verify the authenticity of the Registration Authorizer
The Authentication Header (AH) protocol is a part of what encryption protocol suite below? A) TLS 3.0 B) IPSec C) GPG D) SSL
IPSec
An entity that issues digital certificates is a _____. A) Certificate Authority (CA) B) Signature Authority (SA) C) Certificate Signatory (CS) D) Digital Signer (DS)
Certificate Authority (CA)
A centralized directory of digital certificates is called a(n) _____. A) Digital Signature Approval List (DSAP) B) Certificate Repository (CR) C) Authorized Digital Signature (ADS) D) Digital Signature Permitted Authorization (DSPA)
Certificate Repository (CR)
A _____ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. A) Certificate Signing Request (CSR) B) digital digest C) FQDN form D) digital certificate
Certificate Signing Request (CSR)
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as what? A) Certificate practice statement (CPS) B) Certificate policy (CP) C) Lifecycle policy (LP) D) Access policy (AP)
Certificate practice statement (CPS)
Select below the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: A) Registration Authority B) Delegation Authority C) Certification Authority D) Participation Authority
Certification Authority
_____ performs a real-time lookup of a digital certificate's status. A) Certificate Revocation List (CRL) B) Online Certificate Status Protocol (OCSP) C) CA Registry Database (CARD) D) Real-Time CA Verification (RTCAV)
Online Certificate Status Protocol (OCSP)
A framework for all of the entities involved in digital certificates for digital certificate management is known as: A) Public key infrastructure B) Network key infrastructure C) Private key infrastructure D) Shared key infrastructure
Public key infrastructure
Which of these is considered the weakest cryptographic transport protocol? A) SSL v2.0 B) TLS v1.0 C) TLS v1.1 D) TLS v1.3
SSL v2.0
_____ is a protocol for securely accessing a remote computer. A) Secure Shell (SSH) B) Secure Sockets Layer (SSL) C) Secure Hypertext Transport Protocol (SHTTP) D) Transport Layer Security (TLS)
Secure Shell (SSH)
_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. A) Session keys B) Encrypted signatures C) Digital digests D) Digital certificates
Session keys
What is involved in key escrow? A) A key is encrypted with several different random algorithms by a third party B) A key is downloaded from a third party every time it is used C) The key is split in two halves, then encrypted by a third party D) Fragments of a key are sent to several third parties and stored in different locations
The key is split in two halves, then encrypted by a third party
Why is a pre-master secret an important component of a web browser and web server handshake? A) The pre-master secret generates a pre-master key that creates asymmetric keys for the transmission B) The pre-master secret is what shares public and private keys between the involved parties C) The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption D) The pre-master secret generates a hash to ensure integrity of the encryption key
The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption
In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) _____ would be used. A) web digital certificate B) email web certificate C) server digital certificate D) personal digital certificate
server digital certificate
A digital certificate that turns the address bar green is a(n) _____. A) Personal Web-Client Certificate B) Advanced Web Server Certificate (AWSC) C) X.509 Certificate D) Extended Validation SSL Certificate
Extended Validation SSL Certificate
What type of cryptographic algorithm can be used to ensure the integrity of a file's contents? A) Blocking B) Hashing C) Encrypting D) Cloning
Hashing
Which statement is NOT true regarding hierarchical trust models? A) The root signs all digital certificate authorities with a single key. B) It assigns a single hierarchy with one master CA. C) It is designed for use on a large scale. D) The master CA is called the root.
It is designed for use on a large scale.
The process by which keys are managed by a third party, such as a trusted CA, is known as what? A) Key escrow B) Key destruction C) Key renewal D) Key management
Key escrow
_____ refers to a situation in which keys are managed by a third party, such as a trusted CA. A) Key escrow B) Remote key administration C) Trusted key authority D) Key authorization
Key escrow
Public Key Cryptography Standards (PKCS) _____. A) are widely accepted in the industry B) are used to create public keys only C) define how hashing algorithms are created D) have been replaced by PKI
are widely accepted in the industry
Which of these is NOT part of the certificate life cycle? A) revocation B) authorization C) creation D) expiration
authorization
A(n) _____ is a published set of rules that govern the operation of a PKI. A) enforcement certificate (EF) B) certificate practice statement (CPS) C) certificate policy (CP) D) signature resource guide (SRG)
certificate policy (CP)
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. A) digital signature B) encrypted signature C) digital certificate D) digest
digital certificate
Which of these is NOT where keys can be stored? A) in tokens B) in digests C) on the user's local system D) embedded in digital certificates
in digests
Public key infrastructure (PKI) _____. A) creates private key cryptography B) is the management of digital certificates C) requires the use of an RA instead of a CA D) generates public/private keys automatically
is the management of digital certificates