3.5.10
A private key has been stolen. Which action should you take to deal with this crisis? answer Place the private key in escrow Delete the public key Recover the private key from escrow Add the digital certificate to the CRL
Add the digital certificate to the CRL
A PKI is an implementation for managing which type of encryption? answer Symmetric Hashing Asymmetric Steganography
Asymmetric
You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible. Which service should you use to solve this problem? answer OCSP RA Key escrow CSP
Key escrow
Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments? answer Key escrow Certificate revocation list Private key recovery Online Certificate Status Protocol
Online Certificate Status Protocol
A medium-sized e-commerce company is planning to upgrade their website's security by acquiring a certificate from a certificate authority (CA). The company wants to ensure that the certificate not only validates their domain ownership but also verifies the legitimacy of their organization. They are also looking for a validation process that can be completed within 1 to 3 days. As the IT manager for the company, which level of CA validation would you recommend? answer Organization validation Extended validation Domain validation Self-signed certificate
Organization validation
In the process of obtaining a digital certificate, which entity may a certificate authority rely on to perform the validation of the certificate signing request (CSR)? answer Certificate revocation list Root authority Registration authority Online Certificate Status Protocol
Registration authority
An SSL client has determined that the certificate authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity? answer The domain on the server certificate must match the CA's domain name. The CA's public key validates the CA's digital signature on the server certificate. The post-master secret must initiate subsequent communication. The master secret is generated from common key code.
The CA's public key validates the CA's digital signature on the server certificate.
Which of the following would require that a certificate be placed on the CRL? answer The private key is compromised. The certificate validity period is exceeded. The encryption key algorithm is revealed. The signature key size is revealed.
The private key is compromised.
Which of the following statements accurately describes the root of trust model in a public key infrastructure (PKI)? answer The root of trust model defines how users and different CAs can trust one another, with each CA issuing itself a root certificate. In the root of trust model, the root certificate is issued by a third-party CA, not the organization's own CA. The root of trust model involves a root certificate that is issued by a user, not a CA. The root of trust model involves multiple root certificates, each issued by a different certificate authority (CA).
The root of trust model defines how users and different CAs can trust one another, with each CA issuing itself a root certificate.
The network administrator for an international e-commerce company that operates multiple online stores must ensure secure communication across various subdomains. To streamline secure sockets layer/transport layer security (SSL/TLS) certificate management and implement a robust public key infrastructure (PKI), the network administrator must identify the most suitable solution for efficiently securing the company's numerous subdomains within the PKI. What is the MOST suitable solution for efficiently securing the multiple subdomains of the company's online stores within the PKI? answer Certificate pinning Wildcard certificates Certificate revocation lists (CRLs) Self-signed certificates
Wildcard certificates
