ITN 260 Module 7 Review
Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say? a. The user's symmetric key with the public key b. The user's identity with their public key c. A private key with a digital signature d. The user's public key with their private key
the user's identity with his public key
Which of the following is NOT a means by which a newly approved root digital certificate is distributed? a. Web browser updates b. OS updates c. Application updates d. Pinning
Application updates
What is the name of the device protected by a digital certificate? a. V2X2 b. RCR c. TLXS d. CN
CN
What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption? a. .P12 b. .P7B c. .xdr d. .cer
.P7B
Which is an IPsec protocol that authenticates that packets received were sent from the source? a. AH b. CER c. PXP d. DER
AH
Which block cipher mode of operating requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged? a. CXL b. CTR c. CD d. CN
CTR
An entity that issues digital certificates is a _____.
Certificate Authority (CA)
A centralized directory of digital certificates is called a(n) _____. a. Digital signature approval List (DSAP) b. Certificate repository (CR) c. Authorized digital signature (ADS) d. Digital signature permitted authorization (DSPA)
Certificate Repository (CR)
What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection? a. Electronic Code Book (ECB) repositories b. Certificate attributes c. CTR d. PFX
Certificate attributes
What entity calls in crypto modules to perform cryptographic tasks? a. OCSP b. Intermediate CA c. Crypto service provider d. Certificate Authority (CA)
Crypto service provider
Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need? a. Extended validation b. Domain validation c. Website validation d. Root
Domain validation
How is confidentiality achieved through IPsec? a. AHA b. ISAKMP c. AuthX d. ESP
ESP
_____ refers to a situation in which keys are managed by a third party, such as a trusted CA. a. Remote key administration b. Key authorization c. Key escrow d. Trusted key authority
Key escrow
_____ performs a real-time lookup of a digital certificate's status. a. Real-Time CA Verification (RTCAV) b. Online Certificate Status Protocol (OCSP) c. Staple d. Certificate Revocation List (CRL)
Online Certificate Status Protocol (OCSP)
Who verifies the authenticity of a CSR? a. Certificate authority b. Registration authority c. Signature authority d. Certificate signatory
Registration authority
_____ is a protocol for securely accessing a remote computer. a. Secure Shell (SSH) b. Transport Layer Security (TLS) c. Secure Sockets Layer (SSL) d. Secure Hypertext Transport Protocol (SHTTP)
Secure Shell (SSH)
_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. a. Digital certificates b. Encrypted signatures c. Session keys d. Digital digests
Session keys
Which is the first step in a key exchange? a. The web browser sends a message ("ClientHello") to the server. b. The browser generates a random value ("pre-master secret"). c. The web browser verifies the server certificate. d. The web server sends a message ("ServerHello") to the client.
The web browser sends a message ("ClientHello") to the server.
What is the purpose of certificate chaining? a. To lookup the name of intermediate RA b. To ensure that a web browser has the latest root certificate updates c. To hash the private key d. To group and verify digital certificates
To group and verify digital certificates
Which of the following can a digital certificate NOT be used for? a. To verify the authenticity of the CA b. To verify the identity of clients and servers on the Web c. To encrypt messages for secure email communications d. To encrypt channels to provide secure communication between clients and servers
To verify the authenticity of the CA
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. a. Encrypted signature b. Digital signature c. Digest d. Digital certificate
digital certificate
