Chapter 4
Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: A. Participation Authority B. Delegation Authority C. Registration Authority D. Certification Authority
D
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. A. digital signature B. encrypted signature C. digest D. digital certificate
D
What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission? A. Electronic Code Book B. Counter C. Cipher Block Chaining D. Galois/Counter
D
What is a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest? A. counter B. initialization vector C. nonce D. salt
D
Which of the following is an input value that must be unique within some specified scope, such as for a given period or an entire session? A. initialization vector B. counter C. salt D. nonce
D
Digital certificates should last forever. True False
False
Root digital certificates are should never be self-signed. True False
False
Stream ciphers work on multiple characters at a time. True False
False
A digital certificate associates _____. A. the user's identity with his public key B. a user's public key with his private key C. a user's private key with the public key D. a private key with a digital signature
A
What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system? A. SSL B. PEAP C. TLS D. EAP
A
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs? A. bridge trust B. transitive trust C. third-party trust D. distributed trust
A
Which statement is NOT true regarding hierarchical trust models? A. It is designed for use on a large scale. B. The root signs all digital certificate authorities with a single key. C. The master CA is called the root. D. It assigns a single hierarchy with one master CA.
A
Which of the following is a valid way to check the status of a certificate? (Choose all that apply.) A. Online Certificate Status Protocol B. Revocation List Protocol C. Certificate Revocation List D. Certificate Revocation Authority
A, C
A(n) _____ is a published set of rules that govern the operation of a PKI. A. signature resource guide (SRG) B. certificate policy (CP) C. enforcement certificate (EF) D. certificate practice statement (CPS)
B
Select the secure alternative to the telnet protocol: A. HTTPS B. SSH C. TLS D. IPsec
B
What type of trust model is used as the basis for most digital certificates used on the Internet? A. third-party trust B. distributed trust C. related trust D. managed trust
B
Which digital certificate displays the name of the entity behind the website? A. D. X.509 Certificate B. Extended Validation (EV) Certificate C. Session Certificate D. Online Certificate Status Certificate
B
A(n) _____ is a published set of rules that govern the operation of a PKI. A. enforcement certificate (EF) B. signature resource guide (SRG) C. certificate policy (CP) D. certificate practice statement (CPS)
C
An entity that issues digital certificates is a _____. A. Certificate Signatory (CS) B. Signature Authority (SA) C. Certificate Authority (CA) D. Digital Signer (DS)
C
Which digital certificate displays the name of the entity behind the website? A. Online Certificate Status Certificate B. Session Certificate C. Extended Validation (EV) Certificate D. D. X.509 Certificate
C
Which of the following certificates are self-signed? A. trusted digital certificates B. web digital certificates C. root digital certificates D. user digital certificate
C
Which of the following is NOT a method for strengthening a key? A. Cryptoperiod B. Randomness C. Variability D. Length
C
Which of these is considered the strongest cryptographic transport protocol? A. SSL v2.0 B. SSL v2.0 C. TLS v1.2 D. TLS v1.0
C
A Subject Alternative Name (SAN) digital certificate, is also known as a Unified Communications Certificate (UCC). True False
True
A certificate repository (CR) is a publicly accessible centralized directory of digital certificates. True False
True
A user electronically signs a Certificate Signing Request (CSR) by affixing their public key and then sending it to an intermediate certificate authority. True False
True
SSL v3.0 served as the basis for TLS v1.0. True False
True
Some CAs issue only entry-level certificates that provide domain-only validation. True False
True
Some cryptographic algorithms require that in addition to a key another value can or must be input. True False
True