Comptia Sec+ - Certificates
Which of the following certificate formats is used to store a binary representation of a digital certificate? PFX, DER, P7B, or PEM?
Distinguished Encoding Rules (DER)
Which of the answers listed below refers to the most common format in which Certificate Authorities (CA) issue certificates? CER, PEM, DER, or P7B?
Privacy Enhanced Mail (PEM) - frequently used for web servers (think web mail servers), making them extremely common
A trusted third-party storage solution providing backup source for cryptographic keys is referred to as: Key Escrow, TPM, Recovery Agent, or CA?
Key Escrow
A digital certificate which allows multiple domains to be protected by a single certificate is known as: EV, Wildcard, SAN, or Root?
Subject Alternative Name (SAN) - Think Domain Name Solution (DNS) server having a cert.
What is the fastest way for validating a digital certificate? CRL, Key Escrow, OCSP, or CSR?
Online Certificate Status Protocol (OCSP)
Which of the following allows for checking digital certificate revocation status without contacting Certificate Authority (CA)? OCSP Stapling, CRL, Sideloading, or CSR?
Online Certificate Status Protocol (OCSP) Stapling
Which of the answers listed below refers to a method for requesting a digital certificate? CSR, CBC, CFB, or CRL?
CSR (Certificate Signing Request)
A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as: IKE, CA, PKI, or CSP?
Certificate Authority - (CA)
Which of the following solutions allow to check whether a digital certificate has been revoked? (Select 2 answers) CIRT, CRL, OCSP, CSR, or Key Escrow?
Certificate Revocation List (CRL) + Online Certificate Status Protocol (OCSP)
A security mechanism that allows HTTPS websites to resist impersonation by attackers using fraudulent certificates is called: UTM, HPKP, DEP, or WAF?
HTTP Public Key Pinning (HPKP)
Which digital certificate formats are commonly used to store private keys? (Select 2 answers) P7B, PFX, CER, or P12?
PFX and P12, also known as PKCS #12. .pfx and .p12 are the file extensions for PCKS#12, making this a stupid trick question. PKCS#12 defines an archive file format for storing multiple crypto objects as a single file. PKCS#7 (P7B) is for certs and chain certs, NOT private keys. CER files are for X509s, NOT private keys.
Which digital certificate type allows multiple subdomains to be protected by a single certificate? Root, SAN, EV, or Wildcard?
Wildcard