Security+ - Chapter 4 Exam

Ace your homework & exams now with Quizwiz!

What length SSL and TLS keys are generally considered to be strong? 1024 4096 2048 128

4096

Which of the following is a valid way to check the status of a certificate? (Choose all that apply.) Certificate Revocation List Certificate Revocation Authority Online Certificate Status Protocol Revocation List Protocol

Certificate Revocation List, Online Certificate Status Protocol

A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as? Access policy (AP) Certificate policy (CP) Lifecycle policy (LP) Certificate practice statement (CPS)

Certificate practice statement (CPS)

Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: Certification Authority Participation Authority Registration Authority Delegation Authority

Certification Authority

What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks, and each block is then encrypted separately? Galois/Counter Cipher Block Chaining Counter Electronic Code Book

Electronic Code Book

Which of the following is an enhanced type of domain digital certificate? Extended Validation Trusted Validation Authorized Validation Primary Validation

Extended Validation

A digital certificate is a technology used to associate a user's identity to a private key. True False

False

Digital certificates should last forever. True False

False

Root digital certificates should never be self-signed. True False

False

Some CAs issue only entry-level certificates that provide domain-only validation. True False

False

Stream ciphers work on multiple characters at a time. True False

False

What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission? Cipher Block Chaining Galois/Counter Electronic Code Book Counter

Galois/Counter

The Authentication Header (AH) protocol is a part of what encryption protocol suite below? SSL GPG IPSec TLS 3.0

IPSec

What protocol below supports two encryption modes: transport and tunnel? SSL IPSec HTTPS TLS

IPSec

Why is IPsec considered to be a transparent security protocol? IPsec's design and packet header contents are open sourced technologies. IPsec is designed to not require modifications of programs, or additional training, or additional client setup. IPsec packets can be viewed by anyone. IPsec uses the Transparent Encryption (TE) algorithm.

IPsec is designed to not require modifications of programs, or additional training, or additional client setup.

What common method is used to ensure the security and integrity of a root CA? Keep it in an online state and encrypt it. Only use the root CA infrequently. Password protect the root CA Keep it in an offline state from the network.

Keep it in an offline state from the network.

Select the secure alternative to the telnet protocol: SSH TLS HTTPS IPsec

SSH

What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system? TLS EAP PEAP SSL

SSL

What cryptographic transport algorithm is considered to be significantly more secure than SSL? HTTPS TLS AES ESSL

TLS

A Subject Alternative Name (SAN) digital certificate is also known as a Unified Communications Certificate (UCC). True False

True

A certificate repository (CR) is a publicly accessible centralized directory of digital certificates. True False

True

A user electronically signs a Certificate Signing Request (CSR) by affixing their public key and then sending it to an intermediate certificate authority. True False

True

SSL v3.0 served as the basis for TLS v1.0. True False

True

Some cryptographic algorithms require that in addition to a key another value can or must be input. True False

True

What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs? transitive trust distributed trust bridge trust third-party trust

bridge trust

What process links several certificates together to establish trust between all the certificates involved? certificate chaining certificate pairing certificate linking certificate joining

certificate chaining

What allows an application to implement an encryption algorithm for execution? counters crypto service providers initialization vectors crypto modules

crypto service providers

What process will remove all private and public keys along with the user's identification information in the CA? revocation deletion destruction suspension

destruction

What type of trust model is used as the basis for most digital certificates used on the Internet? third-party trust related trust distributed trust managed trust

distributed trust

Which of the following certificates verifies the identity of the entity that has control over the domain name? web digital certificates root digital certificates domain validation digital certificate validation digital certificate

domain validation digital certificate

At what stage can a certificate no longer be used for any type of authentication? suspension expiration creation revocation

expiration

The process by which keys are managed by a third party, such as a trusted CA, is known as? key management key renewal key destruction key escrow

key escrow

What term best represents the resiliency of a cryptographic key to attacks? key bits key space key resiliency key strength

key strength

What is used to create session keys? domain validation master secret validation crypto modules

master secret

Which of the following is an input value that must be unique within some specified scope, such as for a given period or an entire session? salt initialization vector nonce counter

nonce

What kind of digital certificate is typically used to ensure the authenticity of a web server to a client? web server public web web client private

private

A framework for all of the entities involved in digital certificates for digital certificate management is known as: public key infrastructure private key infrastructure shared key infrastructure network key infrastructure

public key infrastructutre

Which of the following certificates are self-signed? web digital certificates user digital certificate trusted digital certificates root digital certificates

root digital certificates

What is a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest? salt initialization vector nonce counter

salt

When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established? third-party mutual distributed web of

third-party


Related study sets

MNGT-3100-Champion : Test 4 (Ch's. 12-14)

View Set

Chapter 9: The High-Risk Newborn and Family

View Set

PADI Open Water Diving Section 1

View Set

American History 2 MIDTERM questions

View Set

HTHRHSC 2500 Med Term Application 6

View Set

KNS 440 Strength and Conditioning Midterm Review

View Set

PrepU: Assessment of Kidney and Urinary Function

View Set