Chapter 6
a. Certificate Signing Request (CSR)
1. A ____ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. a. Certificate Signing Request (CSR) b. digital digest c. FQDN form d. digital certificate
c. server digital certificate
10. In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) ____ would be used. a. web digital certificate b. email web certificate c. server digital certificate d. personal digital certificate
d. Extended Validation SSL Certificate
11. A digital certificate that turns the address bar green is a(n) ____. a. Personal Web-Client Certificate b. Advanced Web Server Certificate (AWSC) c. X.509 Certificate d. Extended Validation SSL Certificate
c. third
12. The ____-party trust model supports CA. a. first b. second c. third d. fourth
a. are widely accepted in the industry
13. Public Key Cryptography Standards (PKCS) ____. a. are widely accepted in the industry b. are used to create public keys only c. define how hashing algorithms are created d. have been replaced by PKI
c. It is designed for use on a large scale.
14. Which statement is NOT true regarding hierarchical trust models? a. The root signs all digital certificate authorities with a single key. b. It assigns a single hierarchy with one master CA. c. It is designed for use on a large scale. d. The master CA is called the root.
b. in digests
15. Which of these is NOT where keys can be stored? a. in tokens b. in digests c. on the user's local system d. embedded in digital certificates
b. is the management of digital certificates
16. Public key infrastructure (PKI) ____. a. creates private key cryptography b. is the management of digital certificates c. requires the use of an RA instead of a CA d. generates public/private keys automatically
c. certificate policy (CP)
17. A(n) ____ is a published set of rules that govern the operation of a PKI. a. enforcement certificate (EF) b. certificate practice statement (CPS) c. certificate policy (CP) d. signature resource guide (SRG)
b. authorization
18. Which of these is NOT part of the certificate life cycle? a. revocation b. authorization c. creation d. expiration
a. Key escrow
19. ____ refers to a situation in which keys are managed by a third party, such as a trusted CA. a. Key escrow b. Remote key administration c. Trusted key authority d. Key authorization
b. Online Certificate Status Protocol (OCSP)
2. ____ performs a real-time lookup of a digital certificate's status. a. Certificate Revocation List (CRL) b. Online Certificate Status Protocol (OCSP) c. CA Registry Database (CARD) d. Real-Time CA Verification (RTCAV)
a. Secure Shell (SSH)
20. ____ is a protocol for securely accessing a remote computer. a. Secure Shell (SSH) b. Secure Sockets Layer (SSL) c. Secure Hypertext Transport Protocol (SHTTP) d. Transport Layer Security (TLS)
a. Session keys
3. ____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. a. Session keys b. Encrypted signatures c. Digital digests d. Digital certificates
a. SSL v2.0
4. Which of these is considered the weakest cryptographic transport protocol? a. SSL v2.0 b. TLS v1.0 c. TLS v1.1 d. TLS v1.3
c. digital certificate
5. The strongest technology that would assure Alice that Bob is the sender of a message is a(n) ____. a. digital signature b. encrypted signature c. digital certificate d. digest
d. the user's identity with his public key
6. A digital certificate associates ____. a. a user's private key with the public key b. a private key with a digital signature c. a user's public key with his private key d. the user's identity with his public key
c. to verify the authenticity of the Registration Authorizer
7. Digital certificates can be used for each of these EXCEPT ____. a. to encrypt channels to provide secure communication between clients and servers b. to verify the identity of clients and servers on the Web c. to verify the authenticity of the Registration Authorizer d. to encrypt messages for secure email communications
a. Certificate Authority (CA)
8. An entity that issues digital certificates is a ____. a. Certificate Authority (CA) b. Signature Authority (SA) c. Certificate Signatory (CS) d. Digital Signer (DS)
b. Certificate Repository (CR)
9. A centralized directory of digital certificates is called a(n) ____. a. Digital Signature Approval List (DSAP) b. Certificate Repository (CR) c. Authorized Digital Signature (ADS) d. Digital Signature Permitted Authorization (DSPA)
a. Certificate practice statement (CPS)
(BYUIQ) A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as? a. Certificate practice statement (CPS) b. Certificate policy (CP) c. Lifecycle policy (LP) d. Access policy (AP)
a. Public key infrastructure
(BYUIQ) A framework for all of the entities involved in digital certificates for digital certificate management is known as: a. Public key infrastructure b. Network key infrastructure c. Private key infrastructure d. Shared key infrastructure
c. TLS v1.2 is considered more secure than any version of SSL
(BYUIQ) How are TLS and SSL currently different in regards to security? a. TLS and SSL are interchangeable b. SSL is used externally and TLS is used within private networks c. TLS v1.2 is considered more secure than any version of SSL d. SSL v2.0 is more secure than TLS v1.1
c. Certification Authority
(BYUIQ) Select below the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: a. Registration Authority b. Delegation Authority c. Certification Authority d. Participation Authority
b. IPSec
(BYUIQ) The Authentication Header (AH) protocol is a part of what encryption protocol suite below? a. TLS 3.0 b. IPSec c. GPG d. SSL
a. Key escrow
(BYUIQ) The process by which keys are managed by a third party, such as a trusted CA, is known as ____. a. Key escrow b. Key destruction c. Key renewal d. Key management
c. The key is split in two halves, then encrypted by a third party
(BYUIQ) What is involved in key escrow? a. A key is encrypted with several different random algorithms by a third party b. A key is downloaded from a third party every time it is used c. The key is split in two halves, then encrypted by a third party d. Fragments of a key are sent to several third parties and stored in different locations
b. IPSec
(BYUIQ) What protocol below supports two encryption modes: transport and tunnel? a. HTTPS b. IPSec c. SSL d. TLS
b. Hashing
(BYUIQ) What type of cryptographic algorithm can be used to ensure the integrity of a file's contents? a. Blocking b. Hashing c. Encrypting d. Cloning
c. The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption.
(BYUIQ) Why is a pre-master secret an important component of a web browser and web server handshake? a. The pre-master secret generates a pre-master key that creates asymmetric keys for the transmission. b. The pre-master secret is what shares public and private keys between the involved parties. c. The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption. d. The pre-master secret generates a hash to ensure integrity of the encryption key.
