Chapter 6 Review Questions
__________ is a protocol for securely accessing a remote computer. a. Secure Shell (SSH) b. Secure Sockets Layer (SSL) c. Secure Hypertext Transport Protocol (SHTTP) d. Transport Layer Security (TLS)
a. Secure Shell (SSH)
_________ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. a. Session keys b. Encrypted signatures c. Digital digests d. Digital certificates
a. Session keys
Public Key Cryptography Standards (PKCS) __________ a. are widely accepted in the industry b. are used to create public keys only c. define how hashing algorithms are created d. have been replaced by PKI
a. are widely accepted in the industry
A centralized directory of digital certificates is called a (n) ____ a. Digital Signature Approval List (DSAP) b. Certificate Repository (CR) c. Authorized Digital Signature (ADS) d. Digital Signature Permitted Authorization (DSPA)
b. Certificate Repository (CR)
__________ performs a real-time lookup of a digital certificate's status. a. Certificate Revocation List (CRL) b. Online Certificate Status Protocol (OCSP) c. CA Registry Database (CARD) d. Real-Time CA Verification (RTCAV)
b. Online Certificate Status Protocol (OCSP)
An entity that issues digital certificates is a ______ a. Certificate Authority (CA) b. Signature Authority (SA) c. Certificate Signatory (CA) d. Digital Signer (DS)
a. Certificate Authority (CA)
A _____________ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. a. Certificate Signing Request (CSR) b. digital digest c. FQDN form d. digital certificate
a. Certificate Signing Request (CSR)
Which statement is NOT true regarding hierarchical trust models? a. The root signs all digital certificate authorities with a single key. b. It assigns a single hierarchy with one master CA. c. It is designed for use on a large scale d. The master CA is called the root.
c. It is designed for use on a large scale
A(n)_________is a published set of rules that govern the operation of a PKI. a. enforcement certificate (EF) b. certificate practice statement (CPS) c. certificate policy (CP) d. signature resource guide (SRG)
c. certificate policy (CP)
The strongest technology that would assure Alice that Bob is the sender of a message is a(n)_________. a. digital signature b. encrypted signature c. digital certificate d. digest
c. digital certificate
The _________-party trust model supports CA a. first b. second c. third d. fourth
c. third
a digital certificate that turns the address bar green is a (n) ________ a. Personal Web-Client Certificate b. Advanced Web Server Certificate (AWSC) c X.509 Certificate d. Extended Validation SSL Certificate
d. Extended Validation SSL Certificate
In order to ensure a secure cryptographic connection between a web browser and a web server, a (n)________ would be used. a. web digital certificate b. email web certificate d. server digital certificate d personal digital certificate
d. server digital certificate
A digital certificate associates _________. a. a user's private key with the public key b. a private key with a digital signature c. a user's public key with his private key d. the user's identity with his public key
d. the user's identity with his public key
Digital certificates can be used for each of these EXCEPT_______ a. to encrypt channels to provide secure communication between clients and servers b. to verify the identity of clients and servers on the web c. to verify the authenticity of the Registration Authorizer d. to encrypt messages for secure email communications
d. to encrypt messages for secure email communications
___________ refers to a situation which keys are managed by a third party, such as a trusted CA. a. Key escrow b. Remote key administration c. Trusted key authority d. Key Authorization
a. Key escrow
Which of these is considered the weakest cryptographic transport protocol? a. SSL v2.0 b. TLS v1.0 c. TLS v1.1 d. TLS v1.3
a. SSL v2.0
Which of these is NOT part of the certificate life cycle? a. revocation b. authorization c. creation d. expiration
b. authorization
Which of these is NOT where keys can be stored? a. in tokens b. in digests c. on the user's local system d. embedded in digital certificates
b. in digests
Public key infrastructure (PKI) _________. a. creates private key cryptography b. is the management of digital certificates. c. requires the use of a an RA instead of a CA d. generates public/private keys automatically
b. is the management of digital certificates.