CP3404 - Chapter 6 - Advanced Cryptography

24 July 2022
40 test answers

question
Explain how digital certificates are managed.
answer
Several entities and technologies are involved in managing digital certificates (applying for, registering and revoking them): the Certificate Authority (CA), the Registration Authority (RA), the Certificate Revocation List (CRL) and the Certificate Repository (CR). Digital certificates can also be managed through a Web browser.
question
List three general duties of a CA (Certificate Authority).
answer
1) Generate, issue and distribute public key certificates. 2) Distribute CA certificates. 3) Generate and publish certificate status information. 4) Provide a means for subscribers to request revocation. 5) Revoke public-key certificates. 6) Maintain the security, availability and continuity of the certificate issuance and signing functions.
question
Identify the general duties of an RA (Registration Authority).
answer
1) Receive, authenticate and process certificate revocation requests. 2) Identify and authenticate subscribers. 3) Obtain the public key from the subscriber. 4) Verify that the subscriber has the asymmetric private key corresponding to the public key. (p233)
question
List the three PKI (Public Key Infrastructure) trust models that use a CA (Certificate Authority).
answer
1) Hierarchical trust model 2) Distributed trust model 3) Bridge trust model
question
List the four stages of a certificate life cycle.
answer
1) Creation 2) Suspension 3) Revocation 4) Expiration
question
Explain the difference between key revocation and key suspension. Give an example for each.
answer
Suspension is temporary: the certificate is placed on hold for a period of time (for example while an employee is on extended medical leave) and can later be reinstated. Revocation is permanent: once revoked, the certificate can never be used again (for example when an employee is fired, revocation should apply).
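The life cycle and the suspension-versus-revocation distinction above, as an added example that is not part of the course material: a small Python model of an issuer's CRL using the CRLReason codes from RFC 5280 (certificateHold is the reversible "suspended" state; every other reason is permanent). The employee scenario, serial number, subject name and dates are constructed for the walkthrough.

```python
from datetime import datetime, timedelta, timezone

# Added example (not the textbook's code): a model of the certificate life cycle
# using the CRLReason codes of RFC 5280, section 5.3.1. Suspension is a revocation
# with reason certificateHold (6) and is reversible; every other reason is
# permanent. removeFromCRL (8) appears only in delta CRLs to announce that a
# hold has been lifted, so it is not a state a certificate can be in.
KEY_COMPROMISE = 1
AFFILIATION_CHANGED = 3
SUPERSEDED = 4
CESSATION_OF_OPERATION = 5
CERTIFICATE_HOLD = 6
PERMANENT_REASONS = {0, 1, 2, 3, 4, 5, 9, 10}


class Certificate:
    def __init__(self, serial, subject, not_before, not_after):
        self.serial = serial
        self.subject = subject
        self.not_before = not_before
        self.not_after = not_after


class RevocationList:
    """Issuer-side CRL state: serial -> (reason code, revocation time)."""

    def __init__(self):
        self.entries = {}

    def suspend(self, cert, when):
        if cert.serial in self.entries:
            raise ValueError("certificate is already on the CRL")
        self.entries[cert.serial] = (CERTIFICATE_HOLD, when)

    def reinstate(self, cert):
        reason = self.entries.get(cert.serial, (None, None))[0]
        if reason != CERTIFICATE_HOLD:
            raise ValueError("only a suspended (certificateHold) certificate can be reinstated")
        del self.entries[cert.serial]

    def revoke(self, cert, reason, when):
        if reason not in PERMANENT_REASONS:
            raise ValueError("use suspend() for certificateHold")
        self.entries[cert.serial] = (reason, when)   # a hold is replaced by the permanent entry

    def purge_expired(self, certs, now):
        """RFC 5280 permits dropping entries once the certificate is past notAfter."""
        expired = [c.serial for c in certs if c.serial in self.entries and now > c.not_after]
        for serial in expired:
            del self.entries[serial]
        return len(expired)


def status(cert, crl, now):
    """Relying-party view: validity period first (as in RFC 5280 path validation), then the CRL."""
    if now < cert.not_before:
        return "not_yet_valid"
    if now > cert.not_after:
        return "expired"
    entry = crl.entries.get(cert.serial)
    if entry is None:
        return "valid"
    return "suspended" if entry[0] == CERTIFICATE_HOLD else "revoked"


def walkthrough():
    """Constructed scenario: leave of absence (suspend/reinstate), then dismissal (revoke)."""
    t0 = datetime(2022, 7, 24, tzinfo=timezone.utc)
    cert = Certificate(0x1A2B, "CN=alice,O=Example Corp",
                       t0 - timedelta(days=30), t0 + timedelta(days=335))
    crl = RevocationList()
    trail = [status(cert, crl, t0)]
    crl.suspend(cert, t0)                                            # extended medical leave
    trail.append(status(cert, crl, t0 + timedelta(days=10)))
    crl.reinstate(cert)                                              # back at work
    trail.append(status(cert, crl, t0 + timedelta(days=60)))
    crl.revoke(cert, AFFILIATION_CHANGED, t0 + timedelta(days=90))   # employee dismissed
    trail.append(status(cert, crl, t0 + timedelta(days=91)))
    try:
        crl.reinstate(cert)                                          # must fail: revocation is permanent
        trail.append("reinstated")
    except ValueError:
        trail.append("reinstate_refused")
    trail.append(status(cert, crl, t0 + timedelta(days=400)))        # past notAfter
    crl.purge_expired([cert], t0 + timedelta(days=400))
    trail.append(len(crl.entries))
    return trail


if __name__ == "__main__":
    print(walkthrough())   # ['valid', 'suspended', 'valid', 'revoked', 'reinstate_refused', 'expired', 0]
```

The relying party checks the validity period before the CRL because an issuer may drop expired certificates from its CRL; an expired certificate is unusable whether or not it was ever revoked.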
question
What are the three areas of protection that are provided by IPsec (Internet Protocol Security)?
answer
1) Authentication 2) Confidentiality 3) Key management
question
Discuss the three areas of protection that are provided by IPsec (Internet Protocol Security). (week 13 prac example Q. 27)
answer
1) Authentication - the packets received were sent from the source that is identified. This is provided by the Authentication Header (AH) protocol. 2) Confidentiality - encrypting the packets ensures that no other party can view their contents. Confidentiality is provided by the Encapsulating Security Payload (ESP) protocol. 3) Key management - the keys are negotiated and managed (through the Internet Key Exchange, IKE) so that they cannot be intercepted or used by unauthorized parties.
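The AH authentication described above, as an added example that is not part of the course material: a simplified IPv4 + AH packet built by a sender and checked by a receiver in Python, using HMAC-SHA-256-128 for the integrity check value (ICV). It also shows what a practitioner runs into in the field: a router decrementing TTL does not break the ICV (TTL is a mutable field that AH excludes), but a NAT rewriting the source address does, because addresses are covered. The key, addresses and payload are constructed.

```python
import hashlib
import hmac
import struct

# Added example (not the textbook's code): a simplified IPv4 + Authentication
# Header (AH) packet with the receiver's integrity check. Per RFC 4302 the ICV
# covers the IP header with its mutable fields zeroed (TOS, flags/fragment
# offset, TTL, header checksum), the AH header with the ICV field zeroed, and
# the payload. The integrity algorithm is HMAC-SHA-256-128 (RFC 4868), i.e.
# HMAC-SHA-256 truncated to 128 bits. Key, addresses and payload are constructed.

AH_PROTO = 51                 # IP protocol number for AH
ICV_LEN = 16                  # 128-bit truncated ICV
IPV4_FMT = "!BBHHHBBH4s4s"    # version/IHL, TOS, total len, ID, flags+frag, TTL, proto, checksum, src, dst
AH_FMT = "!BBHII"             # next header, payload length, reserved, SPI, sequence number

def build_ipv4(src, dst, ttl, total_len, proto=AH_PROTO):
    """Minimal 20-byte IPv4 header (header checksum left at zero for brevity)."""
    return struct.pack(IPV4_FMT, (4 << 4) | 5, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst)

def build_ah(next_hdr, spi, seq, icv=b"\x00" * ICV_LEN):
    """AH header; payload length is the AH length in 32-bit words minus 2 (RFC 4302)."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack(AH_FMT, next_hdr, payload_len, 0, spi, seq) + icv

def zero_mutable_fields(ip_hdr):
    fields = list(struct.unpack(IPV4_FMT, ip_hdr))
    fields[1] = 0    # TOS / DSCP
    fields[4] = 0    # flags + fragment offset
    fields[5] = 0    # TTL
    fields[7] = 0    # header checksum
    return struct.pack(IPV4_FMT, *fields)

def compute_icv(key, ip_hdr, ah_hdr, payload):
    covered = zero_mutable_fields(ip_hdr) + ah_hdr[:12] + b"\x00" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]

def build_ah_packet(key, src, dst, ttl, spi, seq, payload, next_hdr=17):
    """Sender side: next_hdr=17 means the protected payload is UDP."""
    ip_hdr = build_ipv4(src, dst, ttl, 20 + 12 + ICV_LEN + len(payload))
    icv = compute_icv(key, ip_hdr, build_ah(next_hdr, spi, seq), payload)
    return ip_hdr + build_ah(next_hdr, spi, seq, icv) + payload

def verify_ah_packet(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    if len(packet) < 20 + 12 + ICV_LEN or packet[9] != AH_PROTO:
        return False
    ip_hdr, ah_hdr, payload = packet[:20], packet[20:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(ah_hdr[12:], compute_icv(key, ip_hdr, ah_hdr, payload))

def router_hop(packet):
    """A router decrements TTL; TTL is mutable, so the ICV still verifies."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

def nat_rewrite(packet, new_src):
    """NAT rewrites the source address; it is covered by the ICV, so verification fails."""
    return packet[:12] + new_src + packet[16:]

KEY = b"constructed-demo-key-not-a-real-sa-key"
SRC, DST = bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5])
PACKET = build_ah_packet(KEY, SRC, DST, ttl=64, spi=0x1001, seq=1, payload=b"hello over UDP")

if __name__ == "__main__":
    print(verify_ah_packet(KEY, PACKET))                                         # True
    print(verify_ah_packet(KEY, router_hop(PACKET)))                             # True
    print(verify_ah_packet(KEY, nat_rewrite(PACKET, bytes([198, 51, 100, 7]))))  # False
```

The NAT case is why AH is rarely deployed across the Internet and ESP (which can also carry an ICV and supports NAT traversal over UDP) is the usual choice; this block deliberately shows only AH's integrity service, not ESP's encryption.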
question
Digital signatures actually only show that the public key labeled as belonging to the person was used to encrypt the digital signature. (week 13 prac example Q. 5) [True]/[False]
answer
True (p230). Strictly, a signature is created with the signer's private key and checked with the matching public key, so a valid signature proves only that the private key paired with the public key labelled as belonging to that person was used; binding that key to the actual person is what the certificate (and the CA/RA vetting behind it) provides.
question
Digital certificates cannot be used to identify objects other than users.[True]/[False]
answer
False (p231)
question
Public keys can be stored by embedding them within digital certificates, while private keys can be stored on the user's local system.[True]/[False]
answer
True (p246)
question
The Encapsulating Security Payload (ESP) protocol ensures IPsec's confidentiality.[True]/[False]
answer
True (p252)
question
The vulnerability discovered in IPsec in early 2014 was nicknamed Heartbleed, due to an issue with a heartbeat extension in the protocol.[True]/[False]
answer
False (p250). Heartbleed (CVE-2014-0160) was a bug in OpenSSL's implementation of the TLS heartbeat extension, not a flaw in IPsec.
question
What type of cryptographic algorithm can be used to ensure the integrity of a file's contents?
answer
Hashing (p229)
question
Using what mechanism below can the non-repudiation of an e-mail and its content be enforced?
answer
Asymmetric encryption (p229), in practice a digital signature created with the sender's private key.
question
Select below the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates:
answer
Certification Authority (p232)
question
What is the name for an organization that receives, authenticates, and processes certificate revocation requests?
answer
Registration Authority (p233)
question
What kind of certificate is typically used by an individual to secure e-mail transmissions?
answer
Personal digital (p236)
question
Select below the type of certificate that is often issued from a server to a client, with the purpose of ensuring the authenticity of the server:
answer
Server digital (p236)
question
A sensitive connection between a client and a web server uses what class of certificate?
answer
Class 2 (p236)
question
A framework for all of the entities involved in digital certificates for digital certificate management is known as:
answer
Public key infrastructure (p230)
question
When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established?
answer
third-party (p242)
question
Because of the limitations of a hierarchical trust model, what type of trust model is used for CAs on the Internet?
answer
distributed trust (p243)
question
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?
answer
bridge trust (p254)
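The three CA trust models above, as an added example that is not part of the course material: Python path construction that walks issuer links from a leaf certificate up to a trust anchor, run over a constructed hierarchical PKI, a distributed (Internet-style) trust store, and two organisations joined through a bridge CA. Certificates are modelled only as subject/issuer names; real path validation also checks every signature, validity period, basicConstraints, name constraints and revocation status.

```python
from collections import deque

# Added example (not the textbook's code): name-chaining path construction for
# the three CA trust models. Each certificate is modelled only as (subject,
# issuer); a dictionary maps a subject to the set of issuers that have certified
# it. All CA and end-entity names are constructed.

def build_path(certs, leaf, anchors, max_depth=8):
    """Breadth-first walk up issuer links from leaf until a trust anchor is reached.
    Returns the chain [leaf, ..., anchor] or None if no anchor is reachable."""
    queue = deque([[leaf]])
    while queue:
        path = queue.popleft()
        top = path[-1]
        if top in anchors:
            return path
        if len(path) >= max_depth:
            continue
        for issuer in sorted(certs.get(top, ())):
            if issuer not in path:            # cross-certificates can form loops
                queue.append(path + [issuer])
    return None


# Hierarchical: a single organisational root above an issuing CA.
HIERARCHICAL = {
    "www.example.com": {"Example Issuing CA"},
    "Example Issuing CA": {"Example Root"},
    "Example Root": {"Example Root"},          # self-signed
}

# Distributed (Internet style): many independent roots in the relying party's store.
DISTRIBUTED = {
    "shop.example.net": {"Vendor CA 2"},
    "Vendor CA 2": {"Vendor Root"},
    "Vendor Root": {"Vendor Root"},
    "mail.example.org": {"Other Root"},
    "Other Root": {"Other Root"},
}
INTERNET_STORE = {"Vendor Root", "Other Root", "Example Root"}

# Bridge: Org A and Org B keep their own roots; each cross-certifies the Bridge CA
# and is cross-certified by it, so a path exists between the two hierarchies.
BRIDGE = {
    "bob@orgb.example": {"Org B Root"},
    "Org B Root": {"Org B Root", "Bridge CA"},   # self-signed plus cross-cert from the bridge
    "Org A Root": {"Org A Root", "Bridge CA"},
    "Bridge CA": {"Org A Root", "Org B Root"},   # cross-certified by both roots
}

def hierarchical_example():
    return build_path(HIERARCHICAL, "www.example.com", {"Example Root"})

def distributed_example():
    return build_path(DISTRIBUTED, "shop.example.net", INTERNET_STORE)

def bridge_example():
    """Relying party in Org A trusts only Org A Root; Bob's certificate comes from Org B."""
    no_bridge = {subject: issuers - {"Bridge CA"} for subject, issuers in BRIDGE.items()}
    without = build_path(no_bridge, "bob@orgb.example", {"Org A Root"})
    with_bridge = build_path(BRIDGE, "bob@orgb.example", {"Org A Root"})
    return without, with_bridge

if __name__ == "__main__":
    print(hierarchical_example())   # ['www.example.com', 'Example Issuing CA', 'Example Root']
    print(distributed_example())    # ['shop.example.net', 'Vendor CA 2', 'Vendor Root']
    print(bridge_example())         # (None, ['bob@orgb.example', 'Org B Root', 'Bridge CA', 'Org A Root'])
```

The bridge case is the point of the model: without the bridge's cross-certificates the Org A relying party has no path to Bob at all, and with them the path runs through the bridge rather than requiring Org A to trust Org B's root directly.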
question
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as?
answer
Certificate practice statement (CPS) (p244)
question
At what stage can a certificate no longer be used for any type of authentication?
answer
expiration (p246)
question
The process by which keys are managed by a third party, such as a trusted CA, is known as?
answer
Key escrow (p247)
question
What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?
answer
SSL (p249)
question
What cryptographic transport algorithm is considered to be significantly more secure than SSL?
answer
TLS (p249)
question
What protocol below supports two encryption modes: transport and tunnel?
answer
IPSec (p252)
question
The Authentication Header (AH) protocol is a part of what encryption protocol suite below?
answer
IPSec (p252)
question
Why is IPsec considered to be a transparent security protocol?
answer
IPsec works at the network layer, so it requires no modification of applications, no additional training and no additional client setup (p251).
question
What is the secure alternative to the telnet protocol?
answer
SSH (Secure Shell) (p250)
question
SSL and TLS keys of what length are generally considered to be strong?
answer
4096 (p250). This is the asymmetric (RSA) key length; 2048-bit RSA is the commonly accepted minimum today, and the session data itself is protected with 128- or 256-bit symmetric keys.
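The SSL-versus-TLS questions above, as an added example that is not part of the course material: a Python standard-library `ssl` client context that refuses SSL 2.0/3.0 and TLS 1.0/1.1 and always verifies the server, beside a deliberately permissive context, with a small audit function that reports the settings a reviewer checks. No network connection is made.

```python
import ssl

# Added example (not the textbook's code): a client-side TLS context that refuses
# SSL 2.0/3.0 and TLS 1.0/1.1, verifies the server certificate against the
# platform trust store and checks the hostname, beside a deliberately permissive
# context for comparison. Only the standard-library ssl module is used.

def hardened_client_context():
    ctx = ssl.create_default_context()            # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # nothing older is negotiated
    ctx.options |= ssl.OP_NO_COMPRESSION          # TLS compression enables CRIME-style attacks
    return ctx

def permissive_client_context():
    """The kind of context that still speaks legacy versions and skips certificate checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False                    # must be cleared before verify_mode = CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx):
    """Summarise the settings a review looks at; returns plain strings and booleans."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "legacy_versions_allowed": ctx.minimum_version < ssl.TLSVersion.TLSv1_2,
    }

if __name__ == "__main__":
    print(audit(hardened_client_context()))
    print(audit(permissive_client_context()))
```

Whether a given server's RSA key is long enough is a separate check done on the certificate it presents; the version floor and certificate verification above are what stop a client from silently falling back to SSL or to an unauthenticated connection.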
question
____________________ may be defined as confidence in or reliance on another person or entity.
answer
Trust (p230)
question
A(n) ____________________ trust model can be used in an organization where one CA is responsible for only the digital certificates for that organization.
answer
hierarchical (p243)
question
Key ____________________ dates prevent an attacker who may have stolen a private key from being able to decrypt messages for an indefinite period of time.
answer
expiration (p230)
question
In the SSH suite, the ____________________ command allows a user to copy files between remote computers.
answer
scp (p230)
question
In the SSH suite, the ____________________ command allows a user to log on to a remote computer.
answer
slogin (p251)
question
A ____________________ is a specially formatted encrypted message that validates the information the CA (Certificate Authority) requires to issue a digital certificate. (week 13 prac example Q. 16)
answer
Certificate Signing Request (CSR) (p222). Note that a CSR is signed with the requester's private key, which proves possession of that key, rather than encrypted.
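The digital-signature question (a valid signature shows only that the key pair labelled as the person's was used), the RA's duty to verify that the subscriber holds the private key, and the CSR question above, as one added example that is not part of the course material: textbook RSA in Python with deliberately small, constructed keys, used first to sign and verify a message and then to build a CSR whose self-signature the RA checks. The key sizes, the lack of padding, the JSON request body, and the names Alice and Mallory are all assumptions of this example, not of the textbook.

```python
import hashlib
import json

# Added example (not the textbook's code): textbook RSA with a small, constructed
# key pair to show that (1) a signature is produced with the private key and
# checked with the public key, so a valid signature proves only that the private
# key matching that public key was used, and (2) a CSR is signed with the
# requester's own private key, which is how an RA verifies possession of the
# private key before the CA issues a certificate. The moduli are products of
# Mersenne primes (about 92 and 196 bits): far too small for real use, and
# there is no padding (real schemes use RSASSA-PSS or PKCS#1 v1.5).

def toy_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))        # private exponent (Python 3.8+)
    return (e, n), (d, n)                    # (public key, private key)

def _digest_int(message, n):
    """SHA-256 of the message, reduced into Z_n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    d, n = private_key
    return pow(_digest_int(message, n), d, n)

def verify(message, signature, public_key):
    e, n = public_key
    return pow(signature, e, n) == _digest_int(message, n)

def make_csr(subject, public_key, signing_key):
    """A CSR: the request body plus a signature over it made with the requester's private key."""
    body = {"subject": subject, "public_key": list(public_key)}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "signature": sign(encoded, signing_key)}

def ra_check_possession(csr):
    """RA duty: the signature must verify under the public key carried inside the request."""
    encoded = json.dumps(csr["body"], sort_keys=True).encode()
    return verify(encoded, csr["signature"], tuple(csr["body"]["public_key"]))

# Constructed keys (insecure sizes chosen so the example runs instantly)
ALICE_PUB, ALICE_PRIV = toy_keypair(2**31 - 1, 2**61 - 1)
MALLORY_PUB, MALLORY_PRIV = toy_keypair(2**89 - 1, 2**107 - 1)

def demo():
    message = b"Transfer 100 to Bob"
    sig = sign(message, ALICE_PRIV)
    return {
        "genuine": verify(message, sig, ALICE_PUB),
        "altered_message": verify(b"Transfer 1000 to Bob", sig, ALICE_PUB),
        "altered_signature": verify(message, (sig + 1) % ALICE_PUB[1], ALICE_PUB),
        "wrong_public_key": verify(message, sig, MALLORY_PUB),
        # Alice's CSR verifies; Mallory cannot produce a CSR for Alice's public key
        "alice_csr": ra_check_possession(make_csr("CN=Alice Example", ALICE_PUB, ALICE_PRIV)),
        "mallory_csr": ra_check_possession(make_csr("CN=Alice Example", ALICE_PUB, MALLORY_PRIV)),
    }

if __name__ == "__main__":
    print(demo())
```

The possession check says nothing about who "Alice" is: the subject field in the CSR is just a claim, which is why the RA's identification and authentication of the subscriber is a separate duty from verifying the signature.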