Quiz Module 07 Public Key Infrastructure and Cryptographic Protocols


Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say? a. The user's identity with their public key b. A private key with a digital signature c. The user's symmetric key with the public key d. The user's public key with their private key

The user's identity with their public key
A digital certificate is a technology used to associate a user's identity to a public key that has been digitally signed by a trusted third party.

How is confidentiality achieved through IPsec? a. ESP b. AuthX c. ISAKMP d. AHA

ESP
Encapsulating Security Payload (ESP) is an IPsec protocol that encrypts packets.

What is the name of the device protected by a digital certificate? a. CN b. RCR c. TLXS d. V2X2

CN
The common name (CN) is the name of the device protected by the digital certificate. The CN can be a single device (www.example.com) or a wildcard certificate (*.example.com) but is not the URL (https://example.com).

What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection? a. PFX b. Certificate attributes c. Electronic Code Book (ECB) repositories d. CTR

Certificate attributes
There are several different certificate attributes that make up an X.509 digital certificate. These attributes are used when the parties negotiate a secure connection.

Which is a protocol for securely accessing a remote computer in order to issue a command? a. Secure Shell (SSH) b. Secure Sockets Layer (SSL) c. Secure Hypertext Transport Protocol (SHTTP) d. Transport Layer Security (TLS)

Secure Shell (SSH)
Secure Shell (SSH) is an encrypted alternative to the Telnet protocol that is used to access remote computers. SSH is a Linux/UNIX-based command interface and protocol for securely accessing a remote computer.

What is the purpose of certificate chaining? a. To look up the name of intermediate RA b. To hash the private key c. To ensure that a web browser has the latest root certificate updates d. To group and verify digital certificates

To group and verify digital certificates
Grouping and verifying digital certificates relies on certificate chaining. Certificate chaining creates a path between the trusted root CAs (of which there are a few) and intermediate CAs (of which there are many) with the digital certificates that have been issued.

Which is an IPsec protocol that authenticates that packets received were sent from the source? a. PXP b. AH c. DER d. CER

AH
IPsec authenticates that packets received were sent from the source. This is identified in the header of the packet to ensure that no specific attacks took place to alter the contents of the packet. This is accomplished by the Authentication Header (AH) protocol.

Which of the following is NOT a means by which a newly approved root digital certificate is distributed? a. Application updates b. OS updates c. Web browser updates d. Pinning

Application updates
Updates to applications cannot contain root digital certificates.

Which refers to a situation in which keys are managed by a third party, such as a trusted CA? a. Trusted key authority b. Key authorization c. Key escrow d. Remote key administration

Key escrow
Key escrow refers to a process in which keys are managed by a third party, such as a trusted CA. In key escrow, the private key is split and each half is encrypted. The two halves are registered and sent to the third party, which stores each half in a separate location.

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. a. Encrypted signatures b. Session keys c. Digital certificates d. Digital digests

Session keys
The master secret is used to create session keys, which are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.

Which block cipher mode of operation requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged? a. CD b. CTR c. CXL d. CN

CTR
Counter (CTR) mode requires that both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged. The weakness of CTR is that it requires a synchronous counter for both the sender and receiver.

A centralized directory of digital certificates is called a(n) _____. a. Authorized digital signature (ADS) b. Digital signature approval List (DSAP) c. Digital signature permitted authorization (DSPA) d. Certificate repository (CR)

Certificate repository (CR)
A certificate repository (CR) is a publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate. This directory can be managed locally by setting it up as a storage area that is connected to the CA server.

What entity calls in crypto modules to perform cryptographic tasks? a. Crypto service provider b. OCSP c. Certificate Authority (CA) d. Intermediate CA

Crypto service provider
A crypto service provider allows an application to implement an encryption algorithm for execution. Typically, crypto service providers implement cryptographic algorithms, generate keys, provide key storage, and authenticate users by calling various crypto modules to perform the specific tasks.

What is the strongest technology that would assure Alice that Bob is the sender of a message? a. Digital certificate b. Digital signature c. Digest d. Encrypted signature

Digital certificate
A digital certificate is a technology used to associate a user's identity to a public key that has been digitally signed by a trusted third party. This third party verifies the owner and that the public key belongs to that owner.

Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need? a. Domain validation b. Root c. Extended validation d. Website validation

Domain validation
A domain validation digital certificate is a certificate that only verifies the identity of the entity that has control over the domain name.

Elton needs his application to perform a real-time lookup of a digital certificate's status. Which technology would he use? a. Certificate Revocation List (CRL) b. Real-Time CA Verification (RTCAV) c. Online Certificate Status Protocol (OCSP) d. Staple

Online Certificate Status Protocol (OCSP)
Online Certificate Status Protocol (OCSP) performs a real-time lookup of a certificate's status. OCSP is called a request-response protocol. The browser sends the certificate's information to a trusted entity like the CA, known as an OCSP Responder. The OCSP Responder then provides revocation information on that one specific certificate.

What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption? a. .P7B b. .P12 c. .cer d. .xdr

P7B
Cryptographic Message Syntax Standard with an extension of .P7B defines a generic syntax for defining digital signature and encryption.

Who verifies the authenticity of a CSR? a. Signature authority b. Registration authority c. Certificate authority d. Certificate signatory

Registration authority
A user electronically signs the CSR by affixing her public key and then sends it to a registration authority that is responsible for verifying the credentials of the applicant.

Which is the first step in a key exchange? a. The web browser sends a message ("ClientHello") to the server. b. The web server sends a message ("ServerHello") to the client. c. The web browser verifies the server certificate. d. The browser generates a random value ("pre-master secret").

The web browser sends a message ("ClientHello") to the server.
The web browser sends a message ("ClientHello") to the server that contains information including the list of cryptographic algorithms that the client supports.

Which of the following can a digital certificate NOT be used for? a. To encrypt messages for secure email communications b. To verify the identity of clients and servers on the Web c. To encrypt channels to provide secure communication between clients and servers d. To verify the authenticity of the CA

To verify the authenticity of the CA
A digital certificate does not verify the authenticity of a CA; rather, a CA verifies the authenticity of a user.

