Security - Chapter 6
After encrypting all laptop hard drives, an executive officer's laptop has trouble booting to the operating system. Now that it is successfully encrypted the helpdesk cannot retrieve the data. Which of the following can be used to decrypt the information for retrieval? A. Recovery agent B. Private key C. Trust models D. Public key
A
An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this? A. certificate, private key, and intermediate certificate chain B. certificate, intermediate certificate chain, and root certificate C. certificate, root certificate, and certificate signing request D. certificate, public key, and certificate signing request
A
If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing? A. Transitive trust B. Public key trust C. Certificate authority trust D. Domain level trust
A
Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate? A. Certification authority B. Key escrow C. Certificate revocation list D. Registration authority
A
Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem? A. The intermediate CA certificates were not installed on the server. B. The certificate is not the correct type for a virtual server. C. The encryption key used in the certificate is too short. D. The client's browser is trying to negotiate SSL instead of TLS.
A
The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank's certificates are still valid? A. Bank's CRL B. Bank's private key C. Bank's key escrow D. Bank's recovery agent
A
Which of the following allows a company to maintain access to encrypted resources when employee turnover is high? A. Recovery agent B. Certificate authority C. Trust model D. Key escrow
A
Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure? A. Trust Model B. Recovery Agent C. Public Key D. Private Key
A
Which of the following identifies certificates that have been compromised or suspected of being compromised? A. Certificate revocation list B. Access control list C. Key escrow registry D. Certificate authority
A
Which of the following is synonymous with a server's certificate? A. Public key B. CRL C. Private key D. Recovery agent
A
Which of the following is true about the CRL? A. It should be kept public B. It signs other keys C. It must be kept secret D. It must be encrypted
A
Which of the following is true about the recovery agent? A. It can decrypt messages of users who lost their private key. B. It can recover both the private and public key of federated users. C. It can recover and provide users with their lost or private key. D. It can recover and provide users with their lost public key.
A
Which of the following is used to certify intermediate authorities in a large PKI deployment? A. Root CA B. Recovery agent C. Root user D. Key escrow
A
A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user's digital certificate. Which of the following will help resolve the issue? (Select TWO). A. Revoke the digital certificate B. Mark the key as private and import it C. Restore the certificate using a CRL D. Issue a new digital certificate E. Restore the certificate using a recovery agent
A, D
Certificates are used for: (Select TWO). A. Client authentication. B. WEP encryption. C. Access control lists. D. Code signing. E. Password hashing.
A, D
A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire? A. The certificate will be added to the Certificate Revocation List (CRL). B. Clients will be notified that the certificate is invalid. C. The ecommerce site will not function until the certificate is renewed. D. The ecommerce site will no longer use encryption.
B
In order to use a two-way trust model the security administrator MUST implement which of the following? A. DAC B. PKI C. HTTPS D. TPM
B
The CRL contains a list of: A. private keys B. public keys C. root certificates D. valid certificates
B
The security administrator installed a newly generated SSL certificate onto the company web server. Due to a misconfiguration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which of the following was MOST likely compromised? A. The file containing the recovery agent's keys. B. The file containing the public key. C. The file containing the private key. D. The file containing the server's encrypted passwords.
B
Which of the following components MUST be trusted by all parties in PKI? A. Key escrow B. CA C. Private key D. Recovery key
B
Which of the following concepts is used by digital signatures to ensure integrity of the data? A. Non-repudiation B. Hashing C. Transport encryption D. Key escrow
B
Which of the following is true about an email that was signed by User A and sent to User B? A. User A signed with User B's private key and User B verified with their own public key. B. User A signed with their own private key and User B verified with User A's public key. C. User A signed with User B's public key and User B verified with their own private key. D. User A signed with their own public key and User B verified with User A's private key.
B
Digital signatures are used for ensuring which of the following items? (Select TWO). A. Confidentiality B. Integrity C. Non-Repudiation D. Availability E. Algorithm strength
B, C
In PKI, a key pair consists of: (Select TWO). A. A key ring B. A public key C. A private key D. Key escrow E. A passphrase
B, C
A company's employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal? (Select TWO). A. Spam filter B. Digital signatures C. Antivirus software D. Digital certificates
B, D
Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO). A. Private hash B. Recovery agent C. Public key D. Key escrow E. CRL
B, D
A company's security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security administrator should take? A. Install a registration server. B. Generate shared public and private keys. C. Install a CA. D. Establish a key escrow policy.
C
A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not trusted. Which of the following BEST describes the service that should be implemented to meet these requirements? A. Trust model B. Key escrow C. OCSP D. PKI
C
Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank's website, but cannot log in. Which of the following is MOST likely the issue? A. The IP addresses of the clients have changed B. The client certificate passwords have expired on the server C. The certificates have not been installed on the workstations D. The certificates have been installed on the CA
C
In which of the following scenarios is PKI LEAST hardened? A. The CRL is posted to a publicly accessible location. B. The recorded time offsets are developed with symmetric keys. C. A malicious CA certificate is loaded on all the clients. D. All public keys are accessed by an unauthorized user.
C
When employees that use certificates leave the company they should be added to which of the following? A. PKI B. CA C. CRL D. TKIP
C
When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner? A. Trust models B. CRL C. CA D. Recovery agent
C
Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access? A. Registration B. CA C. CRL D. Recovery agent
C
Which of the following is a requirement when implementing PKI if data loss is unacceptable? A. Web of trust B. Non-repudiation C. Key escrow D. Certificate revocation list
C
Which of the following provides a static record of all certificates that are no longer valid? A. Private key B. Recovery agent C. CRLs D. CA
C
Which of the following should a security technician implement to identify untrusted certificates? A. CA B. PKI C. CRL D. Recovery agent
C
Digital certificates can be used to ensure which of the following? (Select TWO). A. Availability B. Confidentiality C. Verification D. Authorization E. Non-repudiation
C, E
A CA is compromised and attackers start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity? A. Key escrow B. Private key verification C. Public key verification D. Certificate revocation list
D
A CRL is comprised of: A. Malicious IP addresses. B. Trusted CAs. C. Untrusted private keys. D. Public keys.
D
A certificate authority takes which of the following actions in PKI? A. Signs and verifies all infrastructure messages B. Issues and signs all private keys C. Publishes key escrow lists to CRLs D. Issues and signs all root certificates
D
A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements? A. OCSP B. PKI C. CA D. CRL
D
A software development company wants to implement a digital rights management solution to protect its intellectual property. Which of the following should the company implement to enforce software digital rights? A. Transport encryption B. IPsec C. Non-repudiation D. Public key infrastructure
D
Company A sends a PGP encrypted file to company B. If company A used company B's public key to encrypt the file, which of the following should be used to decrypt data at company B? A. Registration B. Public key C. CRLs D. Private key
D
Public key certificates and keys that are compromised or were issued fraudulently are listed on which of the following? A. PKI B. ACL C. CA D. CRL
D
The recovery agent is used to recover the: A. Root certificate B. Key in escrow C. Public key D. Private key
D
Which of the following BEST describes part of the PKI process? A. User1 decrypts data with User2's private key B. User1 hashes data with User2's public key C. User1 hashes data with User2's private key D. User1 encrypts data with User2's public key
D
Which of the following allows an organization to store a sensitive PKI component with a trusted third party? A. Trust model B. Public Key Infrastructure C. Private key D. Key escrow
D
Which of the following digital certificate management practices will ensure that a lost certificate is not compromised? A. Key escrow B. Non-repudiation C. Recovery agent D. CRL
D
Which of the following must be kept secret for a public key infrastructure to remain secure? A. Certificate Authority B. Certificate revocation list C. Public key ring D. Private key
D
Which of the following types of trust models is used by a PKI? A. Transitive B. Open source C. Decentralized D. Centralized
D
Which of the following is true about PKI? (Select TWO). A. When encrypting a message with the public key, only the public key can decrypt it. B. When encrypting a message with the private key, only the private key can decrypt it. C. When encrypting a message with the public key, only the CA can decrypt it. D. When encrypting a message with the public key, only the private key can decrypt it. E. When encrypting a message with the private key, only the public key can decrypt it.
D, E