Chapter 6: Quiz/ Review Questions
a. Certificate Signing Request (CSR)
A is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. a. Certificate Signing Request (CSR) b. digital digest c. FQDN form d. digital certificate
c. to verify the authenticity of the Registration Authorizer
Digital certificates can be used for each of these EXCEPT _____ . a. to encrypt channels to provide secure communication between clients and servers b. to verify the identity of clients and servers on the Web c. to verify the authenticity of the Registration Authorizer d. to encrypt messages for secure email communications
Router
On which of the following devices is IPsec likely to be implemented? Network Analyzer Hub Router Switch
b. is the management of digital certificates
Public key infrastructure (PKI) . a. creates private key cryptography b. is the management of digital certificates c. requires the use of an RA instead of a CA d. generates public/private keys automatically
Within digital certificates
Where are private keys NOT stored? Within digital certificates Within a token On a user's local hardware Within software on a local system
b. Certificate Repository (CR)
A centralized directory of digital certificates is called a(n) . a. Digital Signature Approval List (DSAP) b. Certificate Repository (CR) c. Authorized Digital Signature (ADS) d. Digital Signature Permitted Authorization (DSPA)
d. the user's identity with his public key
A digital certificate associates . a. a user's private key with the public key b. a private key with a digital signature c. a user's public key with his private key d. the user's identity with his public key
d. Extended Validation SSL Certificate
A digital certificate that turns the address bar green is a(n) . a. Personal Web-Client Certificate b. Advanced Web Server Certificate (AWSC) c. X.509 Certificate d. Extended Validation SSL Certificate
1
A hierarchial trust model signs digital certificate authorities with how many keys? 16 1 4 2
certificate policy (CP)
A(n) _____ is a published set of rules that govern the operation of a PKI. signature resource guide (SRG) certificate policy (CP) enforcement certificate (EF) certificate practice statement (CPS)
c. certificate policy (CP)
A(n) is a published set of rules that govern the operation of a PKI. a. enforcement certificate (EF) b. certificate practice statement (CPS) c. certificate policy (CP) d. signature resource guide (SRG)
a. are widely accepted in the industry
Public Key Cryptography Standards (PKCS) . a. are widely accepted in the industry b. are used to create public keys only c. define how hashing algorithms are created d. have been replaced by PKI
RSA public key algorithm
Public Key Cryptography Standards are based on which of the following? Blowfish hash Digital Signatures RSA public key algorithm TLS/SSL
is the management of digital certificates
Public key infrastructure (PKI) _____. is the management of digital certificates creates private key cryptography generates public/private keys automatically requires the use of an RA instead of a CA
digital certificate
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. digital certificate digital signature encrypted signature digest
SSL v2.0
Which of these is considered the weakest cryptographic transport protocol? TLS v1.3 TLS v1.0 TLS v1.1 SSL v2.0
a. Certificate Authority (CA)
An entity that issues digital certificates is a . a. Certificate Authority (CA) b. Signature Authority (SA) c. Certificate Signatory (CS) d. Digital Signer (DS)
c. third
The -party trust model supports CA. a. first b. second c. third d. fourth
to verify the authenticity of the Registration Authorizer
Digital certificates can be used for each of these EXCEPT _____. to verify the authenticity of the Registration Authorizer to encrypt channels to provide secure communication between clients and servers to encrypt messages for secure email communications to verify the identity of clients and servers on the Web
By intercepting a message, creating imposter keys, and sending the modified message
How does an attacker successfully alter a message that was sent with a digital certificate? By intercepting a message, creating imposter keys, and sending the modified message This is not possible because digital certificates prove the identity of the sender By intercepting a message and altering the public and private keys By spoofing the sender's IP and MAC address
server digital certificate
In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) _____ would be used. web digital certificate server digital certificate personal digital certificate email web certificate
The key is split in two halves, then encrypted by a third party
What is involved in key escrow? Fragments of a key are sent to several third parties and stored in different locations A key is encrypted with several different random algorithms by a third party The key is split in two halves, then encrypted by a third party A key is downloaded from a third party every time it is used
Certificate Authorities can generate public key certificates.
What is the biggest difference between CA and RA? CAs primarily process certificate revocation requests. RAs generate private keys and CAs generate public keys. Certificate Authorities can generate public key certificates. RAs are more reliable than CAs.
To limit use of a certificate after an employee temporarily leaves
What is the purpose of suspending a digital certificate rather than revoking it? To ensure the certificate goes through the proper disposal procedures before revocation There is no suspension of certificates; all digital certificates must be revoked then recreated To limit use of a certificate after an employee temporarily leaves When a certificate is compromised, a suspension can be used while the certificate's key is modified to become secure once again
b. authorization
Which of these is NOT part of the certificate life cycle? a. revocation b. authorization c. creation d. expiration
b. in digests
Which of these is NOT where keys can be stored? a. in tokens b. in digests c. on the user's local system d. embedded in digital certificates
It is designed for use on a large scale.
Which statement is NOT true regarding hierarchical trust models? The root signs all digital certificate authorities with a single key. It assigns a single hierarchy with one master CA. The master CA is called the root. It is designed for use on a large scale.
The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption.
Why is a pre-master secret an important component of a web browser and web server handshake? The pre-master secret generates a pre-master key that creates asymmetric keys for the transmission. The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption. The pre-master secret generates a hash to ensure integrity of the encryption key. The pre-master secret is what shares public and private keys between the...
Using one CA can be inconvenient when entities are located in different geographical areas.
Why would an administrator choose to use multiple Registration Authorities when processing certificate requests? The more third-parties sign a digital certificate, the more secure the certificate becomes. RAs cross-reference each other for authenticity. Using one CA can be inconvenient when entities are located in different geographical areas. RAs often become corrupt, when results in reliability fluctuation.
Session keys
_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. Encrypted signatures Session keys Digital digests Digital certificates
Secure Shell (SSH)
_____ is a protocol for securely accessing a remote computer. Secure Shell (SSH) Transport Layer Security (TLS) Secure Hypertext Transport Protocol (SHTTP) Secure Sockets Layer (SSL)
b. Online Certificate Status Protocol (OCSP)
_____ performs a real-time lookup of a digital certificate's status. a. Certificate Revocation List (CRL) b. Online Certificate Status Protocol (OCSP) c. CA Registry Database (CARD) d. Real-Time CA Verification (RTCAV)
Key escrow
_____ refers to a situation in which keys are managed by a third party, such as a trusted CA. Key escrow Remote key administration Trusted key authority Key authorization
a. Secure Shell (SSH)
_______ is a protocol for securely accessing a remote computer. a. Secure Shell (SSH) b. Secure Sockets Layer (SSL) c. Secure Hypertext Transport Protocol (SHTTP) d. Transport Layer Security (TLS)
a. Key escrow
________ refers to a situation in which keys are managed by a third party, such as a trusted CA. a. Key escrow b. Remote key administration c. Trusted key authority d. Key authorization