Module 07: Public Key Infrastructure and Cryptographic Protocols


expiration

The date of a digital certificate when it ceases to function.

user digital certificate

The endpoint of the certificate chain.

certificate authority (CA)

The entity that is responsible for digital certificates.

intermediate certificate authority (CA)

An entity that processes the CSR and verifies the authenticity of the user on behalf of a certificate authority (CA).

unauthentication mode of operation

An information service that provides a noncredentializing service such as confidentiality by a block cipher mode of operation.

authentication mode of operation

An information service that provides credentialing by a block cipher mode of operation.

.P7B

The file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption.

.P12

The file extension for a Personal Information Exchange Syntax Standard based on PKCS#12 that defines the file format for storing and transporting a user's private keys with a public key certificate.

.cer

The file extension for an X.509 certificate that is stored in a binary file.

What can a digital certificate NOT be used for?

To verify the authenticity of the CA

True or False: A cipher suite is a named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with TLS.

True

True or False: Counter (CTR) mode requires that both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged.

True

Transport mode

An IPsec mode that encrypts only the data portion (payload) of each packet yet leaves the header unencrypted.

Authentication Header (AH)

An IPsec protocol that authenticates that packets received were sent from the source.

Encapsulating Security Payload (ESP)

An IPsec protocol that encrypts packets.

Counter (CTR)

A block cipher mode of operation in which both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged.

online CA

A certificate authority that is directly connected to a network.

offline CA

A certificate authority that is not directly connected to a network.

email digital certificate

A certificate that allows a user to digitally sign and encrypt mail messages.

root digital certificate

A certificate that is created and verified by a CA.

Personal Information Exchange (PFX)

An X.509 file format that is the preferred file format for creating certificates to authenticate applications or websites.

Privacy Enhancement Mail (PEM)

An X.509 file format that uses DER encoding and can have multiple certificates.

SSL stripping

An attack that manipulates SSL functions by intercepting an HTTP connection.

Secure Sockets Layer (SSL)

An early and widespread cryptographic transport algorithm that is now considered obsolete.

Secure Shell (SSH)

An encrypted alternative to the Telnet protocol that is used to access remote computers.

registration authority

An entity that is responsible for verifying the credentials of the applicant for a digital certificate.

Certificate Revocation List (CRL)

A list of certificate serial numbers that have been revoked.

cipher suite

A named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with TLS and SSL.

stapling

A process for verifying the status of a certificate by sending queries at regular intervals to receive a signed, time-stamped response.

Key escrow

A process in which keys are managed by a third party, such as a trusted CA.

Online Certificate Status Protocol (OCSP)

A process that performs a real-time lookup of a certificate's status.

Secure Real-time Transport Protocol (SRTP)

A protocol for providing protection for Voice over IP (VoIP) communications.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A protocol for securing e________ messages.

Internet Protocol Security (IPsec)

A protocol suite for securing Internet Protocol (IP) communications.

self-signed

A signed digital certificate that does not depend upon any higher-level authority for authentication.

Certificate Signing Request (CSR)

A user request for a digital certificate.

Transport Layer Security (TLS)

A widespread cryptographic transport algorithm that replaces SSL.

Subject Alternative Name (SAN)

Also known as a Unified Communications Certificate (UCC), a certificate primarily used for Microsoft Exchange servers or unified communications.

tunnel mode

An IPsec mode that encrypts both the header and the data portion.

Which is NOT a means by which a newly approved root digital certificate is distributed?

Application Updates

What is achieved by Security Orchestration, Automation, Response (SOAR)?

Automation

A centralized directory of digital certificates is called a(n):

Certificate repository (CR)

Extended Validation (EV) certificate

Certificate that requires more extensive verification of the legitimacy of the business than does a domain validation digital certificate.

domain validation digital certificate

Certificate that verifies the identity of the entity that has control over the domain name.

code signing digital certificate

Certificate used by software developers to digitally sign a program to prove that the software comes from the entity that signed it and that no unauthorized third party has altered it.

wildcard digital certificate

Certificate used to validate a main domain along with all subdomains.

machine/computer digital certificate

Certificate used to verify the identity of a device in a network transaction.

What is the strongest technology that would assure you who is the sender of a message?

Digital certificate

What attributes are required for an X.509 compliant digital certificate?

Encryption Keys, Common Name, & Validation Period

True or False: A block cipher mode of operation specifies how block ciphers should handle streams.

False

True or False: A digital certificate is a technology used to associate a user's identity to a public key and that has been digitally signed by the owner of the private key.

False

True or False: A root CA should always be kept online.

False

True or False: SSL is a replacement cryptographic protocol for TLS.

False

True or False: When a digital certificate is revoked, the user must update internal records and any CRL with the required certificate information and time stamp.

False

certificate attributes

Fields in an X.509 digital certificate that are used when parties negotiate a secure connection.

What tasks must be completed before a user requests a certificate from a CA?

Generate private and public keys

pinning

Hard-coding a digital certificate within a program that is using the certificate.

block cipher mode of operation

How block ciphers handle blocks of ciphertext by using a symmetric key block cipher algorithm to provide an information service.

Which entity in the certificate authority (CA) hierarchy validates the certificate request from a client?

Registration Authority (RA)

True or False: The hierarchical trust model assigns a single hierarchy with one master CA called the root.

True

certificate chaining

Linking several certificates together to establish trust between all the certificates involved.

Which method of threat hunting includes disrupt, deny, destroy, and degrade actions?

Maneuvering

You want the latest status of a digital certificate. Which technology or protocol would you use?

Online Certificate Status Protocol (OCSP)

What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption?

P7B

Which is a protocol for securely accessing a remote computer in order to issue a command?

Secure Shell (SSH)

Which protocol would you use to access a remote computer and execute commands?

Secure Shell (SSH)

Which of the following is used for continuous monitoring of logs?

Security information and event management (SIEM)

Which certificates should you use with a Web server for testing purposes?

Self-Signed

______________ ________ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.

Session keys

key management

The administration by a PKI of all the elements involved in the management of public keys and digital certificates.

common name (CN)

The name of the device protected by the digital certificate.

trust model

The type of trust relationship that can exist between individuals or entities.

Public key infrastructure (PKI)

The underlying infrastructure for the management of public keys used in digital certificates.

Which is the first step in a key exchange?

The web browser sends a message ("ClientHello") to the server.

Canonical Encoding Rules (CER) & Distinguished Encoding Rules (DER)

X.509 encoding formats.

Hypertext Transport Protocol Secure (HTTPS)

________ sent over TLS (Transport Layer Security) or SSL (Secure Sockets Layer).
