Chapter 3 sections 4-6

Which of the following would you find on a CPS? a) A list of revoked certificates b) A declaration of the security that the organization is implementing for all certificates c) A list of issued certificates d) A description of the format for a certificate

A declaration of the security that the organization is implementing for all certificates

What is PKI? a) An algorithm for encrypting and decrypting data b) A hierarchy of computers for issuing certificates c) A program that generates key pairs d) A program that defines secure key exchange

A hierarchy of computers for issuing certificates

Which of the following conditions does not result in a certificate being added to the certificate revocation list? a) Committing a crime using the certificate b) Invalid identity credentials c) Certificate expiration d) Private key compromise

Certificate expiration

Which of the following algorithms are used in asymmetric encryption (Select two) a) Blowfish b) Diffie-Hellman c) RSA d) Twofish e) AES

Diffie-Hellman, RSA

Which of the following is a direct protection of integrity? a) Symmetric encryption b) Digital signature c) Asymmetric encryption d) Digital envelope

Digital signature

Secure Multi-Purpose Internet Mail Extensions (S/MIME) is used primarily to protect what? a) Instant messages b) E-mail attachments c) Newsgroup postings d) Web surfing e) E-mail attachments

E-mail attachments

Which form of asymmetric cryptography is based on Diffie-Hellman? a) RSA b) Merkle-Hellman Knapsack c) El Gamal d) ECC

El Gamal

What is the main function of a TPM hardware chip? a) Control access to removable media b) Perform bulk encryption in a hardware processor c) Generate and store cryptographic keys d) Provide authentication credentials on a hardware device

Generate and store cryptographic keys

The PGP or Pretty Good Privacy encryption utility relies upon what algorithms? (Select two.) a) 3DES b) AES c) IDEA d) Blowfish

IDEA, 3DES

Which of the following can be used to encrypt Web, e-mail, telnet, file transfer, and SNMP traffic? a) SHTIP (Secure Hypertext Transfer Protocol) b) IPSec (Internet Protocol Security) c) EFS (Encryption File System) 5) SSL (Secure Sockets Layer)

IPSec (Internet Protocol Security)

To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where should it be submitted? a) Identifying data and a certificate request to the registration authority (RA) b) Identifying data with the 3DES block cipher to the hosting certificate authority (CA) c) Identifying data and a secret key request to the subordinate distribution authority (DA) d) Identifying data with the MAC and IP addresses to the root certificate authority

Identifying data and a certification request to the registration authority (RA)

Mary wants to send a message to Sam. She wants to digitally sign the message to prove the she sent it. Which key would Mary use to create the digital signature? a) Mary's private key b) Sam's public key c) Mary's public key d) Sam's private key

Mary's private key

What is the best time to apply for certificate renewal? a) Immediately after a certificate is issued b) Just after a certificate expires c) After a certificate has been revoked d) Near the end of a certificate's valid lifetime

Near the end of a certificate's valid lifetime

You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server? a) Obtain a certificate from a public PKI b) Run a third-party tool to generate the certifcate c) Have a server generate its on certificate d) Create your own internal PKI to issue certificates

Obtain a certificate from a public PKI

What technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large complex environments? a) Private key recovery b) Online Certificates Status Protocol c) Key Escrow d) Certificate Revocation List

Online Certificate Status Protocol

Above all else what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates? a) Private keys b) Hash values c) Cryptographic algorithim d) Public keys

Private keys

What is the primary use of Secure Electronic Transaction (SET)? a) Validate the integrity of database changes b) Protect credit card information transmissions c) Encrypt e-commerce traffic d) Secure electronic checking account transactions

Protect credit card information transmissions

Which of the following items are contained in a digital certificate? (Select two) a) Private key b) Root CA secret key b) Public key d) Validity period

Public key, Validity period

Which public key encryption system does PGP (Pretty Good Privacy) use for key exchange and digital signatures? a) El Gamal b) Elliptic Curve c) RSA d) Merkle-Hellman Knapsack

RSA

You have lost the private key that you have used to encrypt a file. You need to get a copy of the private key to open some encrypted files. Who should you contact? a) Recovery agent b) Enrollment agent c) Certification authority d) Registration authority

Recovery agent

Which of the following is an entity that accepts and validates information contained within a request for a certificate? a) Certificate authority b) Enrollment agent c) Registration authority d) Recovery agent

Registration authority

Which security mechanism can be used to harden or protect e-commerce traffic from Web servers? a) Penetration testing b) Access control lists c) SSL d) Removing unneeded protocols

SSL

Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message? a) Sam's private key b) Sam's public key c) Mary's public key

Sam's public key

The strength of a cryptosystem is dependent upon which of the following? a) Complexity of a cipher text b) Integrity of the individuals who created the cryptosystem c) Secrecy of the key d) Secrecy of the algorithm

Secrecy of the key

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What must the receiver use to access the hashing value to verify the integrity of the transmission? a) Receiver's private key b) Sender's private key c) Sender's public key d) Receiver's public key

Sender's public key

Which of the following communications encryption mechanisms has a specific version for wireless communications? a) TLS (Transport Layer Security) b) HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) c) SSL (Secure Sockets Layer) d) IPSec (Internet Protocol Security)

TLS (Transport Layer Security)

Which of the following technologies is based upon SSL (Secure Sockets Layer)? a) TLS (Transport Layer Security) b) S/MIME (Secure Multipurpose nternet Mail Extensions) c) IPSec (Internet Protocol Security) d) L2TP (Layer 2 Tunneling Protocol)

TLS (Transport Layer Security)

What is the purpose of the key escrow? a) To provide a means for legal authorities to access confidential data b) Collection of additional fees over the life of using a public digital certificate c) To provide a means to recover a lost private key d) To grant the certificate authority over the communication environment

To provide a means for legal authorities to access confidential data

Which aspect of certificates makes them a reliable and useful mechanism for proving the identity of a person, system, or service on the internet? a) Ease of use b) Electronic signatures c) Trusted third party d) It is a digital mechanism rather than a physical one

Trusted third party

How many keys are used with Public Key Cryptography? a) One b) Two c) Three d) Four

Two

How many keys are used with asymmetric or public key cryptography? a) One b) Two c) Three d) Four

Two

Which of the following is not true in regards to S/MIME? a) Uses IDEA encryption b) Uses X.509 version 3 certificates c) Included in most Web browsers d) Authenticates through digital signatures

Uses IDEA encryption

Which of the following are characteristics of ECC (Select two) a) Uses multiplication of large prime numbers b) Symmetric encryption c) Uses a finite set of values within an algebraic field d) Asymmetric encryption

Uses a finite set of values within an algebraic field, Asymmetric encryption

HTIPS (Hypertext Transfer Protocol over Secure Socket Layer) can be used to provide security for what type of traffic? a) E-mail b) Telnet c) Web d) FTP

Web

Match each public-key cryptography key management mechanism on the left with the corresponding description on the right. Each mechanism may be used once, more than once, or not at all. Drag: -Ephemeral keys -Static keys -Perfect forward secrecy -DHE -ECDH Drop: -Implements the Diffie-Hellman key exchange protocol using elliptic curve cryptography -Exists only for the lifetime of a specific communication session -Uses no deterministic algorithm when generating public keys -Can be reused by multiple communication sessions

-Implements the Diffie-Hellman key exchange protocol using elliptic curve cryptography; *ECDH* -Exists only for the lifetime of a specific communication session; *Ephemeral keys* -Uses no deterministic algorithm when generating public keys; *Perfect forward secrecy* -Can be reused by multiple communication sessions; *Static keys*

A PKI is a method for managing which type of encryption? a) Steganography b) Asymmetric c) Symmetric d) Hashing

Asymmetric

What form of cryptography is scalable for use in very large and ever-expanding environments where data is frequently exchanged between different communication partners? a) Hashing cryptography b) Symmetric cryptography c) Private key cryptography d) Asymmetric cryptography

Asymmetric cryptography

Which of the following statements is true when comparing symmetric and asymmetric cryptography? a) Symmetric key cryptography uses a public and private key pair b) Asymmetric key cryptography is quicker than symmetric key cryptography while processing large amounts of data c) Symmetric key cryptography should be used for large, expanding environments d) Asymmetric key cryptography is used to distribute symmetric keys

Asymmetric key cryptography is used to distribute symmetric keys

In what form of key management solution is key recovery possible? a) Centralized b) Decentralized c) Public d) Hierarchical

Centralized

Which of the following generates the key pair used in asymmetric cryptography? a) CPS b) CRL c) CSP d) OCSP e) CA

CSP

Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5 or any other symmetric cryptography solution? a) Diffie-Hellman b) Elliptical key c) Merkle-Hellman Knapsack d) RSA

Diffie-Hellman

What form of cryptography is not scalable as a stand-alone system for use in very large and ever expanding environments where data is frequently exchanged between different communication partners? a) Hashing cryptography b) Public key cryptography c) Asymmetric cryptography d) Symmetric cryptography

Symmetric cryptography