Chapter 6: Advanced Cryptography
Public Key Cryptography Standards are based on which of the following?
RSA public key algorithm
If a browser cannot connect to the OCSP responder, what does the browser receive in return?
Soft-fail
A centralized directory of digital certificates is called a(n) ________. a. Digital Signature Approval List (DSAP) b. Certificate Repository (CR) c. Authorized Digital Signature (ADS) d. Digital Signature Permitted Authorization (DSPA)
b. Certificate Repository (CR)
____________ is a protocol for securely accessing a remote computer. a. Secure Shell (SSH) b. Secure Sockets Layer (SSL) c. Secure Hypertext Transport Protocol (SHTTP) d. Transport Layer Security (TLS)
a. Secure Shell (SSH)
How can an EV SSL help users avoid dangerous sites?
By blocking websites that are known to be malicious
Which of the following is used to digitally sign a certificate?
CA Private key
What is the biggest difference between a CA and an RA?
Certificate Authorities can generate public key certificates
An entity that issues digital certificates is a _______________. a. Certificate Authority (CA) b. Signature Authority (SA) c. Certificate Signatory (CS) d. Digital Signer (DS)
a. Certificate Authority (CA)
A ____________ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. a. Certificate Signing Request (CSR) b. digital digest c. FQDN form d. digital certificate
a. Certificate Signing Request (CSR)
____________ refers to a situation in which keys are managed by a third party, such as a trusted CA. a. Key escrow b. Remote key administration c. Trusted key authority d. Key authorization
a. Key escrow
Which of these is considered the weakest cryptographic transport protocol? a. SSL v2.0 b. TLS v1.0 c. TLS v1.1 d. TLS v1.3
a. SSL v2.0
_____________ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. a. Session keys b. Encrypted signatures c. Digital digests d. Digital certificates
a. Session keys
Public Key Cryptography Standards (PKCS) _______________. a. are widely accepted in the industry b. are used to create public keys only c. define how hashing algorithms are created d. have been replaced by PKI
a. are widely accepted in the industry
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____________. a. digital signature b. encrypted signature c. digital certificate d. digest
a. digital certificate
Which statement is NOT true regarding hierarchical trust models? a. The root signs all digital certificate authorities with a single key. b. It assigns a single hierarchy with one master CA. c. It is designed for use on a large scale. d. The master CA is called the root.
b. It is designed for use on a large scale.
_____________ performs a real-time look-up of a digital certificate's status. a. Certificate Revocation List (CRL) b. Online Certificate Status Protocol (OCSP) c. CA Registry Database (CARD) d. Real-Time CA Verification (RTCAV)
b. Online Certificate Status Protocol (OCSP)
Which of these is NOT part of the certificate life cycle? a. revocation b. authorization c. creation d. expiration
b. authorization
Which of these is NOT where keys can be stored? a. in tokens b. in digests c. on the user's local system d. embedded in digital certificates
b. in digests
Public key infrastructure (PKI) _________________. a. creates private key cryptography b. is the management of digital certificates c. requires the use of an RA instead of a CA d. generates public/private keys automatically
b. is the management of digital certificates.
A(n) ___________ is a published set of rules that govern the operation of a PKI. a. enforcement certificate (EF) b. certificate practice statement (CPS) c. certificate policy (CP) d. signature resource guide (SRG)
c. certificate policy (CP)
In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) _________ would be used. a. web digital certificate b. email web certificate c. server digital certificate d. personal digital certificate
c. server digital certificate
The ___________-party trust model supports CA. a. first b. second c. third d. fourth
c. third
Digital certificates can be used for each of these EXCEPT ______. a. to encrypt channels to provide secure communication between clients and server. b. to verify the identity of clients and servers on the Web. c. to verify the authenticity of the Registration Authorizer d. to encrypt messages for secure email communications
c. to verify the authenticity of the Registration Authorizer
A digital certificate that turns the address bar green is a(n) ______. a. Personal Web-Client Certificate b. Advanced Web Server Certificate (AWSC) c. X.509 Certificate d. Extended Validation SSL Certificate
d. Extended Validation SSL Certificate
A digital certificate associates __________________. a. a user's private key with the public key b. a private key with a digital signature c. a user's public key with his private key d. the user's identity with his public key
d. the user's identity with his public key