Intro to Network Security sixth ed chapter 4


D. salt

What is a value that can be used to ensure that hashed plaintext will not consistently result in the same digest? A. algorithm B. initialization vector (IV) C. nonce D. salt

C. Certificate Repository (CR)

A centralized directory of digital certificates is called a(n) _____. A. Digital Signature Permitted Authorization (DSPA) B. Digital Signature Approval List (DSAP) C. Certificate Repository (CR) D. Authorized Digital Signature (ADS)

Online CA

A certificate authority that is directly connected to a network.

Offline CA

A certificate authority that is not directly connected to a network.

Email Digital Certificate

A certificate that allows a user to digitally sign and encrypt mail messages.

Object Identifier (OID)

A designator made up of a series of numbers separated with a dot which names an entity.

B. the user's identity with his public key

A digital certificate associates _____. A. a user's public key with his private key B. the user's identity with his public key C. a user's private key with the public key D. a private key with a digital signature

Certificate Revocation List (CRL)

A list of certificate serial numbers that have been revoked.

Stapling

A process for verifying the status of a certificate by sending queries at regular intervals to receive a signed time-stamped response.

Counter (CTR)

A process in which both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged.

Cipher Block Chaining (CBC)

A process in which each block of plaintext is XORed with the previous block of ciphertext before being encrypted.

Key Escrow

A process in which keys are managed by a third party, such as a trusted CA.

Electronic Code Book (ECB)

A process in which plaintext is divided into blocks and each block is then encrypted separately.

Galois/Counter (GCM)

A process that both encrypts and computes a message authentication code (MAC).

Online Certificate Status Protocol (OCSP)

A process that performs a real-time lookup of a certificate's status.

Block Cipher Mode of Operation

A process that specifies how block ciphers should handle plaintext.

Secure Real-Time Transport Protocol (SRTP)

A protocol for providing protection for voice over IP (VoIP) communications.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A protocol for securing email messages.

Internet Protocol Security (IPsec)

A protocol suite for securing internet protocol (IP) communications.

Crypto Service Provider

A service used by an application to implement cryptography.

Self-Signed

A signed digital certificate that does not depend upon any higher level authority for authentication.

Digital Certificate

A technology used to associate a user's identity to a public key and that has been digitally signed by a trusted third party.

Certificate Signing Request (CSR)

A user request for a digital certificate.

Salt

A value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest.

Nonce (number used once)

A value that must be unique within some specified scope.

Transport Layer Security (TLS)

A widespread cryptographic transport algorithm. Current versions v1.1 and v1.2 are considered secure.

D. certificate policy (CP)

A(n) _____ is a published set of rules that govern the operation of a PKI. A. signature resource guide (SRG) B. enforcement certificate (EF) C. certificate practice statement (CPS) D. certificate policy (CP)

Subject Alternative Name (SAN)

Also known as a unified communications certificate (UCC), a certificate primarily used for Microsoft Exchange servers or unified communications.

Root Digital Certificate

Also the beginning point of the certificate chain. A certificate that is created and verified by a CA.

Transport Mode

An IPsec mode that encrypts only the data portion (payload) of each packet yet leaves the header unencrypted.

Authentication Header (AH)

An IPsec protocol that authenticates that packets received were sent from the source.

Encapsulating Security Payload (ESP)

An IPsec protocol that encrypts packets.

Tunnel Mode

An IPsec mode that encrypts both the header and the data portion.

PKCS#12

An X.509 file format that is one of a numbered set of 15 standards defined by RSA corporation.

Personal Information Exchange (PFX)

An X.509 file format that is the preferred file format for creating certificates to authenticate applications or websites.

Privacy Enhancement Mail (PEM)

An X.509 file format that uses DER encoding and can have multiple certificates.

Secret Algorithm

An attempt to hide the existence of an algorithm for enhanced security.

Secure Sockets Layer (SSL)

An early and widespread cryptographic transport algorithm, now considered obsolete.

Secure Shell (SSH)

An encrypted alternative to the Telnet protocol that is used to access remote computers.

C. Certificate Authority (CA)

An entity that issues digital certificates is a _____. A. Certificate Signatory (CS) B. Digital Signer (DS) C. Certificate Authority (CA) D. Signature Authority (SA)

Intermediate Certificate Authority (CA)

An entity that processes the CSR and verifies the authenticity of the user on behalf of a certificate authority (CA).

Extended Validation (EV) Certificate

Certificate that requires more extensive verification of the legitimacy of the business than does a domain validation digital certificate.

Domain Validation Digital Certificate

Certificate that verifies the identity of the entity that has control over the domain name.

Code Signing Digital Certificate

Certificate used by software developers to digitally sign a program to prove that the software comes from the entity that signed it and that no unauthorized third party has altered it.

Wildcard Digital Certificate

Certificate used to validate a main domain along with all subdomains.

Machine Digital Certificate

Certificate used to verify the identity of a device in a network transaction.

Crypto Modules

Cryptography modules that are invoked by crypto service providers to perform various tasks.

A. to verify the authenticity of the Registration Authorizer

Digital certificates can be used for each of these EXCEPT _____. A. to verify the authenticity of the Registration Authorizer B. to encrypt channels to provide secure communication between clients and servers C. to verify the identity of clients and servers on the Web D. to encrypt messages for secure email communications

Hypertext Transport Protocol Secure (HTTPS)

HTTP sent over SSL (Secure Sockets Layer) or TLS (Transport Layer Security).

Pinning

Hard-coding a digital certificate within a program that is using the certificate.

Certificate Chaining

Linking several certificates together to establish trust between all the certificates involved.

C. is the management of digital certificates

Public key infrastructure (PKI) _____. A. generates public/private keys automatically B. creates private key cryptography C. is the management of digital certificates D. requires the use of an RA instead of a CA

Session Keys

Symmetric keys used to encrypt and decrypt information exchanged during the session and to verify its integrity.

User Digital Certificate

The end-point of the certificate chain.

Certificate Authority (CA)

The entity that is responsible for digital certificates.

Initialization Vector (IV)

The most widely used algorithm input. Considered a nonce, selected in a non-predictable way.

Key Exchange

The process of sending and receiving secure cryptographic keys. Also the specific handshake setup between web browser and web server.

Key Strength

The resiliency of a key to resist attacks.

D. digital certificate

The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. A. digital signature B. encrypted signature C. digest D. digital certificate

Trust Model

The type of trust relationship that can exist between individuals or entities.

Public Key Infrastructure (PKI)

The underlying infrastructure for the management of public keys used in digital certificates.

D. Crypto service provider

What entity calls in crypto modules to perform cryptographic tasks? A. Certificate Authority (CA) B. OCSP Chain C. Intermediate CA D. Crypto service provider

B. Extended Validation (EV) Certificate

Which digital certificate displays the name of the entity behind the website? A. Online Certificate Status Certificate B. Extended Validation (EV) Certificate C. Session Certificate D. X.509 Certificate

D. Cipher Block Chaining (CBC)

Which of the following block ciphers XORs each block of plaintext with the previous block of ciphertext before being encrypted? A. Electronic Code Book (ECB) B. Galois/Counter (GCM) C. Counter (CTR) D. Cipher Block Chaining (CBC)

D. Variability

Which of the following is NOT a method for strengthening a key? A. Randomness B. Cryptoperiod C. Length D. Variability

C. authorization

Which of these is NOT part of the certificate life cycle? A. expiration B. revocation C. authorization D. creation

A. TLS v1.2

Which of these is considered the strongest cryptographic transport protocol? A. TLS v1.2 B. TLS v1.0 C. SSL v2.0 D. SSL v2.0

A. It is designed for use on a large scale.

Which statement is NOT true regarding hierarchical trust models? A. It is designed for use on a large scale. B. The root signs all digital certificate authorities with a single key. C. It assigns a single hierarchy with one master CA. D. The master CA is called the root.

A. Bridge

Which trust model has multiple CAs, one of which acts as a facilitator? A. Bridge B. Hierarchical C. Distributed D. Web

B. Session keys

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. A. Encrypted signatures B. Session keys C. Digital certificates D. Digital digests

B. Secure Shell (SSH)

_____ is a protocol for securely accessing a remote computer. A. Transport Layer Security (TLS) B. Secure Shell (SSH) C. Secure Sockets Layer (SSL) D. Secure Hypertext Transport Protocol (SHTTP)

C. Online Certificate Status Protocol (OCSP)

_____ performs a real-time lookup of a digital certificate's status. A. Certificate Revocation List (CRL) B. Real-Time CA Verification (RTCAV) C. Online Certificate Status Protocol (OCSP) D. CA Registry Database (CARD)

B. Key escrow

_____ refers to a situation in which keys are managed by a third party, such as a trusted CA. A. Key authorization B. Key escrow C. Remote key administration D. Trusted key authority

Distinguished Encoding Rules (DER) and Canonical Encoding Rules (CER)

What are the two X.509 encoding formats?

