Ch6-13 Review

25 July 2022
4.7 (114 reviews)
48 test answers

Unlock all answers in this set

Unlock answers (44)
question
What is the purpose of key escrow?
answer
To provide a means to recover from a lost private key
question
Which aspect of certificates makes them a reliable and useful mechanism for proving the identity of a person, system, or service on the Internet?
answer
Trusted third-party
question
Which standard is most widely used for certificates?
answer
X.509
question
Certificates can be invalidated by the trusted third-party that originally issued the certificate. What is the name of the mechanism that is used to distribute information about invalid certificates?
answer
CRL
question
Which of the following items are contained in a digital certificate? (TWO)
answer
Public Key Validity period
question
Which of the following conditions does not result in a certificate being added to the certificate revocation list?
answer
Certificate expiration
question
Which of the following identifies someone who can retrieve private keys from storage?
answer
Recovery agent
question
Which of the following is an entity that accepts and validates information contained within a request for a certificate?
answer
Registration authority
question
What is a PKI?
answer
A hierarchy of computers for issuing certificates
question
Which of the following best describes the contents of the CRL?
answer
A list of all revoked certificates
question
A PKI is a method for managing which type of encryption?
answer
Asymmetric
question
Which of the following is a mechanism for granting and validating certificates?
answer
PKI
question
Certificate revocation should occur under all but which of the following conditions?
answer
The certificate owner has held the certificate beyond the established lifetime timer
question
Which of the following would require that a certificate be placed on the CRL?
answer
The private key is compromised
question
A private key has been stolen. What action should be taken to deal with this crisis?
answer
Add the digital certificate to the CRL
question
What action is taken when the private key associated with a digital certificate becomes compromised?
answer
The certificate is revoked and added to the Certificate Revocation List
question
You are concerned that if a private key is lost, all documents encrypted using your private key will be inaccessible. Which service should you use to solve this problem?
answer
Key escrow
question
You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?
answer
Recovery agent
question
You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?
answer
Obtain a certificate from a public PKI
question
To obtain a digital certificate and participate in a PKI, what must be submitted and where should it be submitted?
answer
Identifying data and a certification request to the registration authority (RA).
question
Which of the following is the best countermeasure for man-in-the-middle attacks?
answer
Public key infrastructure (PKI)
question
An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?
answer
The CA's public key must validate the CA's digital signature on the server certificate
question
How many keys are used with Public Key Cryptography?
answer
Two
question
What is the primary purpose of a certificate?
answer
Identity proofing
question
When is the best time to apply for a certificate renewal?
answer
Near the end of the certificate's valid lifetime
question
Which of the following is a direct protection of integrity?
answer
Digital signature
question
Which of the following statements is true when comparing symmetric and asymmetric cryptography?
answer
Asymmetric key cryptography is used to distribute symmetric keys
question
Which of the following is not true regarding SSL?
answer
SSL authenticates the server to the client using a biometric based multi-factor authentication mechanism
question
HTTPS can be used to provide security for what type of traffic?
answer
Web
question
Which security mechanism can be used to harden or protect e-commerce traffic from Web servers?
answer
SSL
question
Which of the following best describes the purpose of using subnets?
answer
Subnets divide an IP network address into multiple network addresses.
question
Which of the following describes an IPv6 address?
answer
128-bit address Eight hexadecimal quartets
question
Routers operate at what level of the OSI model?
answer
Network layer
question
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
answer
DDoS
question
Which type of activity changes or falsifies information in order to mislead or re-direct traffic?
answer
Spoofing
question
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?
answer
Man-in-the-middle attack
question
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
answer
ARP poisoning
question
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server an an email server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
answer
Network-based firewall
question
You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?
answer
Use firewalls to create a DMZ. Place the web server inside the DMZ, and the private network behind the DMZ.
question
Which of the following is a firewall function?
answer
Packet filtering
question
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
answer
Firewall
question
You connect your computer to a wireless network available at your local library. You find that you can access all websites you want on the Internet except for two. What might be causing the problem?
answer
A proxy server is blocking access to the web sites.
question
Which of the following solutions would you implement to track which websites that network users are accessing?
answer
Proxy
question
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
answer
ACL
question
Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?
answer
Disable Bluetooth on the phone
question
Even if you perform regular backups, what must be done to ensure that you are protected against data loss?
answer
Regularly test restoration procedures
question
The disaster recovery plan calls for having tape backups stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies to choose a method that uses the fewest tapes, but is also quick to back up and restore them. Which backup strategy would best meet the disaster recovery plan for tape backups?
answer
Perform a full backup once a week with a differential backup the other days of the week.
question
You have been asked to deploy a network solution that requires an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?
answer
Hot site