Security+ CH 6
SSL and TLS keys of what length are generally considered to be strong? Options: 128 | 1024 | 2048 | 4096
4096
Public Key Cryptography Standards (PKCS) _____. Options: are widely accepted in the industry | are used to create public keys only | define how hashing algorithms are created | have been replaced by PKI
are widely accepted in the industry
Which of these is NOT part of the certificate life cycle? Options: revocation | authorization | creation | expiration
authorization
A _____ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. Options: Certificate Signing Request (CSR) | digital digest | FQDN form | digital certificate
Certificate Signing Request (CSR)
Select below the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: Options: Registration Authority | Delegation Authority | Certification Authority | Participation Authority
Certification Authority
_____ performs a real-time lookup of a digital certificate's status. Options: Certificate Revocation List (CRL) | Online Certificate Status Protocol (OCSP) | CA Registry Database (CARD) | Real-Time CA Verification (RTCAV)
Online Certificate Status Protocol (OCSP)
Why would an administrator NOT renew a key? Options: Once a key is renewed, it is no longer considered authenticated | Renewing keys continues their lifespan, making them less reliable | Usage of a key recovery agent is no longer an option | Keys still provide authentication after expiration
Renewing keys continues their lifespan, making them less reliable
_____ is a protocol for securely accessing a remote computer. Options: Secure Shell (SSH) | Secure Sockets Layer (SSL) | Secure Hypertext Transport Protocol (SHTTP) | Transport Layer Security (TLS)
Secure Shell (SSH)
_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. Options: Session Keys | Encrypted signatures | Digital digests | Digital Certificates
Session Keys
SSL and TLS keys of what length are generally considered to be strong? Options: AES | HTTPS | ESSL | TLS
TLS
A digital certificate associates _____. Options: a user's private key with the public key | a private key with a digital signature | a user's public key with his private key | the user's identity with his public key
the user's identity with his public key
Digital certificates can be used for each of these EXCEPT _____. Options: to encrypt channels to provide secure communication between clients and servers | to verify the identity of clients and servers on the Web | to verify the authenticity of the Registration Authorizer | to encrypt messages for secure email communications
to verify the authenticity of the Registration Authorizer
What is the purpose of suspending a digital certificate rather than revoking it? Options: To ensure the certificate goes through the proper disposal procedures before revocation | To limit use of a certificate after an employee temporarily leaves | When a certificate is compromised, a suspension can be used while the certificate's key is modified to become secure once again | There is no suspension of certificates; all digital certificates must be revoked then recreated
To limit use of a certificate after an employee temporarily leaves
An entity that issues digital certificates is a _____. Options: Certificate Authority (CA) | Signature Authority (SA) | Certificate Signatory (CS) | Digital Signer (DS)
Certificate Authority (CA)
A centralized directory of digital certificates is called a(n) _____. Options: Digital Signature Approval List (DSAP) | Certificate Repository (CR) | Authorized Digital Signature (ADS) | Digital Signature Permitted Authorization (DSPA)
Certificate Repository (CR)
Which of these is considered the weakest cryptographic transport protocol? Options: SSL v2.0 | TLS v1.0 | TLS v1.1 | TLS v1.3
SSL v2.0
A(n) _____ is a published set of rules that govern the operation of a PKI. Options: enforcement certificate (EF) | certificate practice statement (CPS) | certificate policy (CP) | signature resource guide (SRG)
certificate policy (CP)
Which of these is NOT where keys can be stored? Options: in tokens | in digests | on the user's local system | embedded in digital certificates
in digests
Public key infrastructure (PKI) _____. Options: creates private key cryptography | is the management of digital certificates | requires the use of an RA instead of a CA | generates public/private keys automatically
is the management of digital certificates
PKI consists of all of the following EXCEPT what? Options: procedures | practices | software | people
practices
The _____-party trust model supports CA. Options: first | second | third | fourth
third
A digital certificate that turns the address bar green is a(n) _____. Options: Personal Web-Client Certificate | Advanced Web Server Certificate (AWSC) | X.509 Certificate | Extended Validation SSL Certificate
Extended Validation SSL Certificate
Which statement is NOT true regarding hierarchical trust models? Options: The root signs all digital certificate authorities with a single key. | It assigns a single hierarchy with one master CA. | It is designed for use on a large scale. | The master CA is called the root.
It is designed for use on a large scale.
The process by which keys are managed by a third party, such as a trusted CA, is known as? Options: Key escrow | Key destruction | Key renewal | Key management
Key escrow
_____ refers to a situation in which keys are managed by a third party, such as a trusted CA. Options: Key escrow | Remote key administration | Trusted key authority | Key authorization
Key escrow
How are TLS and SSL currently different in regards to security? Options: TLS and SSL are interchangeable | SSL is used externally and TLS is used within private networks | TLS v1.2 is considered more secure than any version of SSL | SSL v2.0 is more secure than TLS v1.1
TLS v1.2 is considered more secure than any version of SSL
Which of the following does a digital certificate NOT contain? Options: Serial number of the digital certificate | The hard-coded MAC address of the owner | Name of the issuer | Expiration date of the public key
The hard-coded MAC address of the owner
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____. Options: digital signature | encrypted signature | digital certificate | digest
digital certificate
Why is IPsec considered to be a transparent security protocol? Options: IPsec packets can be viewed by anyone | IPsec is designed to not require modifications of programs, or additional training, or additional client setup | IPsec's design and packet header contents are open sourced technologies | IPsec uses the Transparent Encryption (TE) algorithm
IPsec is designed to not require modifications of programs, or additional training, or additional client setup