Security+ - Chapter 4 Exam
What length SSL and TLS keys are generally considered to be strong? 1024; 4096; 2048; 128
4096
Which of the following is a valid way to check the status of a certificate? (Choose all that apply.) Certificate Revocation List; Certificate Revocation Authority; Online Certificate Status Protocol; Revocation List Protocol
Certificate Revocation List, Online Certificate Status Protocol
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as? Access policy (AP); Certificate policy (CP); Lifecycle policy (LP); Certificate practice statement (CPS)
Certificate practice statement (CPS)
Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: Certification Authority; Participation Authority; Registration Authority; Delegation Authority
Certification Authority
What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks, and each block is then encrypted separately? Galois/Counter; Cipher Block Chaining; Counter; Electronic Code Book
Electronic Code Book
Which of the following is an enhanced type of domain digital certificate? Extended Validation; Trusted Validation; Authorized Validation; Primary Validation
Extended Validation
A digital certificate is a technology used to associate a user's identity to a private key. True False
False
Digital certificates should last forever. True False
False
Root digital certificates should never be self-signed. True False
False
Some CAs issue only entry-level certificates that provide domain-only validation. True False
False
Stream ciphers work on multiple characters at a time. True False
False
What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission? Cipher Block Chaining; Galois/Counter; Electronic Code Book; Counter
Galois/Counter
The Authentication Header (AH) protocol is a part of what encryption protocol suite below? SSL; GPG; IPSec; TLS 3.0
IPSec
What protocol below supports two encryption modes: transport and tunnel? SSL; IPSec; HTTPS; TLS
IPSec
Why is IPsec considered to be a transparent security protocol? IPsec's design and packet header contents are open sourced technologies. IPsec is designed to not require modifications of programs, or additional training, or additional client setup. IPsec packets can be viewed by anyone. IPsec uses the Transparent Encryption (TE) algorithm.
IPsec is designed to not require modifications of programs, or additional training, or additional client setup.
What common method is used to ensure the security and integrity of a root CA? Keep it in an online state and encrypt it. Only use the root CA infrequently. Password protect the root CA. Keep it in an offline state from the network.
Keep it in an offline state from the network.
Select the secure alternative to the telnet protocol: SSH; TLS; HTTPS; IPsec
SSH
What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system? TLS; EAP; PEAP; SSL
SSL
What cryptographic transport algorithm is considered to be significantly more secure than SSL? HTTPS; TLS; AES; ESSL
TLS
A Subject Alternative Name (SAN) digital certificate is also known as a Unified Communications Certificate (UCC). True False
True
A certificate repository (CR) is a publicly accessible centralized directory of digital certificates. True False
True
A user electronically signs a Certificate Signing Request (CSR) by affixing their public key and then sending it to an intermediate certificate authority. True False
True
SSL v3.0 served as the basis for TLS v1.0. True False
True
Some cryptographic algorithms require that in addition to a key another value can or must be input. True False
True
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs? transitive trust; distributed trust; bridge trust; third-party trust
bridge trust
What process links several certificates together to establish trust between all the certificates involved? certificate chaining; certificate pairing; certificate linking; certificate joining
certificate chaining
What allows an application to implement an encryption algorithm for execution? counters; crypto service providers; initialization vectors; crypto modules
crypto service providers
What process will remove all private and public keys along with the user's identification information in the CA? revocation; deletion; destruction; suspension
destruction
What type of trust model is used as the basis for most digital certificates used on the Internet? third-party trust; related trust; distributed trust; managed trust
distributed trust
Which of the following certificates verifies the identity of the entity that has control over the domain name? web digital certificates; root digital certificates; domain validation digital certificate; validation digital certificate
domain validation digital certificate
At what stage can a certificate no longer be used for any type of authentication? suspension; expiration; creation; revocation
expiration
The process by which keys are managed by a third party, such as a trusted CA, is known as? key management; key renewal; key destruction; key escrow
key escrow
What term best represents the resiliency of a cryptographic key to attacks? key bits; key space; key resiliency; key strength
key strength
What is used to create session keys? domain validation; master secret; validation; crypto modules
master secret
Which of the following is an input value that must be unique within some specified scope, such as for a given period or an entire session? salt; initialization vector; nonce; counter
nonce
What kind of digital certificate is typically used to ensure the authenticity of a web server to a client? web server; public web; web client; private
private
A framework for all of the entities involved in digital certificates for digital certificate management is known as: public key infrastructure; private key infrastructure; shared key infrastructure; network key infrastructure
public key infrastructure
Which of the following certificates are self-signed? web digital certificates; user digital certificate; trusted digital certificates; root digital certificates
root digital certificates
What is a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest? salt; initialization vector; nonce; counter
salt
When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established? third-party; mutual; distributed; web of
third-party