CIS2005 Mod 4 Review Quiz

25 July 2022
4.7 (114 reviews)
25 test answers

Unlock all answers in this set

Unlock answers (21)
question
c. set lifetime expires
answer
It is important that certificates and keys are properly destroyed when their __________. Select one: a. key split occurs b. key archive expires c. set lifetime expires d. key continuity breaks
question
b. Separation of duties
answer
Which term means that one person cannot complete a critical task alone? Select one: a. Escrow b. Separation of duties c. Dual control d. Multifactor authentication
question
b. Security
answer
What is the primary reason to have an offline certification server? Select one: a. Cost b. Security c. Complexity d. Backup and recovery
question
c. To establish a level of trust between two entities
answer
Why should an organization construct and implement a PKI? Select one: a. To eliminate certificate authorities b. To provide identification to individuals and ensure availability c. To establish a level of trust between two entities d. To enable a centralized directory to store the registered certificate and distribute private keys to users
question
c. dual control
answer
Requiring two individuals to recover a lost key together is called __________. Select one: a. two-factor authentication b. nonrepudiation c. dual control d. separation of duties
question
c. cannot be sure of the certificate's validity and must check the CRL each time before use.
answer
Once you have properly obtained a digital certificate for a web site, you __________. Select one: a. can be sure of the certificate's validity indefinitely. b. can be sure of the certificate's validity until the expiration date. c. cannot be sure of the certificate's validity and must check the CRL each time before use. d. cannot be sure of the certificate's validity and must check the RA each time before use.
question
b. Key escrow
answer
Which term refers the process of giving keys to a third party so that they can decrypt and read sensitive information if the need arises? Select one: a. Key recovery b. Key escrow c. Key archiving d. Key protection
question
b. PEM
answer
What is the most common format used by certificate authorities when issuing certificates? Select one: a. Key b. PEM c. DER d. CER
question
c. A construct of systems, personnel, applications, protocols, technologies, and policies that work together to provide a certain level of protection.
answer
Which statement best describes a trust domain? Select one: a. The agreed upon, trusted third party for certificate allocation. b. A construct that allows one user the ability to validate the other's certificate. c. A construct of systems, personnel, applications, protocols, technologies, and policies that work together to provide a certain level of protection. d. An entity which allows the certificate's issuer and subject fields hold the same information.
question
a. Key continuity
answer
Which term refers to the process of reusing a certificate or public key? Select one: a. Key continuity b. Stapling c. Certificate chaining d. Certificate extension
question
d. A centralized directory containing public keys and their corresponding certificates accessible by a subset of individuals
answer
What is a certificate repository? Select one: a. A directory that calculates a message digest for the certificate b. An entity that generates electronic credentials c. A directory of root certificates that requires a centralized infrastructure d. A centralized directory containing public keys and their corresponding certificates accessible by a subset of individuals
question
b. In-house certification authority (CA)
answer
Which type of certificate authority is maintained and controlled by the company that implemented it? Select one: a. Public certification authority (CA) b. In-house certification authority (CA) c. Local registration authority (LRA) d. Offline certification authority (CA)
question
b. Compare the CA that digitally signed the certificate to a list of CAs that have already been loaded into the receiver's computer.
answer
What is the first step taken when validating a certificate? Select one: a. Review the validity dates. b. Compare the CA that digitally signed the certificate to a list of CAs that have already been loaded into the receiver's computer. c. Calculate a message digest for the certificate. d. Check a revocation list to see if the certificate has been revoked.
question
a. Cross-certification certificate
answer
Which type of certificate is used when independent CAs establish peer-to-peer trust relationships allowing one CA to issue a certificate allowing its users to trust another CA? Select one: a. Cross-certification certificate b. policy certificate c. CA certificate d. End-entity certificate
question
c. All entities within the hierarchical trust model would be drastically affected.
answer
If the root CA's private key were compromised, what would happen? Select one: a. Entities within the hierarchical trust model and end users would be unaffected. b. Entities within the hierarchical trust model would also be compromised, but users would be unaffected. c. All entities within the hierarchical trust model would be drastically affected. d. Only the root CA would be affected.
question
a. Key recovery
answer
Which term refers to the process of restoring lost keys to the users or the company? Select one: a. Key recovery b. Key escrow c. Key archiving system d. Private key protection
question
b. Where the trust paths reside
answer
What does a trust model indicate? Select one: a. Where the private keys are stored b. Where the trust paths reside c. Whether a key needs to be escrowed d. Whether a key needs to be archived
question
d. It provides dedicated services, and possibly equipment, to an individual company.
answer
How is an outsourced CA different from a public CA? Select one: a. It is implemented, maintained, and controlled by the originating company. b. It provides more flexibility for companies. c. It can be used by hundreds or thousands of companies. d. It provides dedicated services, and possibly equipment, to an individual company.
question
a. Standard
answer
Which type of certificate extensions are implemented for every PKI implementation? Select one: a. Standard b. Public c. Private d. Key usage
question
c. A means of establishing an association between the subject's identity and a public key
answer
What is a digital certificate? Select one: a. A means of establishing the validity of an offer from a person, entity, web site, or e-mail b. A centralized directory in which registered keys are created and stored c. A means of establishing an association between the subject's identity and a public key d. An entity that generates electronic credentials and distributes them upon proving their identity sufficiently
question
a. It is easier to implement, back up, and recover keys.
answer
What is the advantage of using a centralized infrastructure for key generation? Select one: a. It is easier to implement, back up, and recover keys. b. Secure key distribution is easier. c. The server is removed from being a central point of failure. d. All public/private key pairs can be created on the server regardless of their intended use.
question
d. certification practices statement (CPS)
answer
Every CA should have a __________ that outlines how identities are verified. Select one: a. data certification policy b. recovery agent c. certificate policy (CP) d. certification practices statement (CPS)
question
b. The location where the cryptographic key is generated and stored is different
answer
What is the difference between centralized and decentralized infrastructures? Select one: a. The key pairs and certificates do not have a set lifetime in centralized infrastructures. b. The location where the cryptographic key is generated and stored is different. c. The network administrator sets up the distribution points in centralized infrastructures. d. In a decentralized infrastructure, the certificate may have an extended lifetime.
question
b. provides all of the components needed for entities to communicate securely and predictably
answer
A public key infrastructure __________. Select one: a. enables parties to use communications such as e-mail b. provides all of the components needed for entities to communicate securely and predictably c. enables secure communications in chat rooms, and when text messaging on smart phones d. provides digital signatures as an application service provider
question
c. Key archiving
answer
__________ is a way of backing up keys and securely storing them in a repository. Select one: a. Key escrow b. Key recovery c. Key archiving d. Stapling