Fundamentals Of Network Security Chapter 4

12 September 2022
40 test answers

question
True or False: Stream ciphers work on multiple characters at a time.
answer
FALSE
question
"What cryptographic transport algorithm is considered to be significantly more secure than SSL? - AES - HTTPS - ESSL - TLS"
answer
TLS
question
"What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs? - bridge trust - distributed trust - third-party trust - transitive trust"
answer
Bridge
question
"What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission? - Electronic Code Book - Galois/Counter - Cipher Block Chaining - Counter"
answer
Galois/Counter
question
"What is used to create session keys? - master secret - crypto modules - validation - domain validation"
answer
master secret
question
"When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established? - web of - mutual - third-party - distributed"
answer
third-party
question
"What process links several certificates together to establish trust between all the certificates involved? - certificate pairing - certificate linking - certificate joining - certificate chaining"
answer
certificate chaining
question
True or False: Root digital certificates should never be self-signed.
answer
FALSE
question
"Why is IPsec considered to be a transparent security protocol? - Ipsec packets can be viewed by anyone - IPsec is designed to not require modifications of programs, or additional training, or additional client setup. - Ipsec's design and packet header contents are open sourced technologies - IPsec uses the Transparent Encryption (TE) algorithm."
answer
IPsec is designed to not require modifications of programs, or additional training, or additional client setup.
question
"The Authentication Header (AH) protocol is a part of what encryption protocol suite below? - TLS 3.0 - IPSec - GPG - SSL"
answer
IPsec
question
True or False: Digital certificates should last forever.
answer
FALSE
question
True or False: A user electronically signs a Certificate Signing Request (CSR) by affixing their public key and then sending it to an intermediate certificate authority.
answer
TRUE
question
"At what stage can a certificate no longer be used for any type of authentication? - creation - suspension - revocation - expiration"
answer
expiration
question
True or False: A Subject Alternative Name (SAN) digital certificate is also known as a Unified Communications Certificate (UCC).
answer
TRUE
question
"What kind of digital certificate is typically used to ensure the authenticity of a web server to a client? - private - web server - public web - web client"
answer
web server
question
"What term best represents the resiliency of a cryptographic key to attacks? - key bits - key resiliency - key strength - key space"
answer
key strength
question
"Which of the following is an input value that must be unique within some specified scope, such as for a given period or an entire session? - salt - initialization vector - counter - nonce"
answer
nonce
question
True or False: SSL v3.0 served as the basis for TLS v1.0.
answer
TRUE
question
"What type of trust model is used as the basis for most digital certificates used on the Internet? - third-party trust - related trust - managed trust - distributed trust"
answer
distributed trust
question
True or False: Some CAs issue only entry-level certificates that provide domain-only validation.
answer
TRUE
question
"Select the secure alternative to the telnet protocol: - HTTPS - TLS -Ipsec - SSH"
answer
SSH
question
True or False: A digital certificate is a technology used to associate a user's identity to a private key.
answer
FALSE
question
"What process will remove all private and public keys along with the user's identification information in the CA? - suspension - deletion - destruction - revocation"
answer
destruction
question
"Which of the following certificates are self-signed? - trusted digital certificates - root digital certificates - web digital certificates - user digital certificates"
answer
root digital certificates
question
"What protocol below supports two encryption modes: transport and tunnel? - HTTPS - IPSec - SSL - TLS"
answer
IPSec
question
True or False: A certificate repository (CR) is a publicly accessible centralized directory of digital certificates.
answer
TRUE
question
"A framework for all of the entities involved in digital certificates for digital certificate management is known as: - public key infrastructure - network key infrastructure - private key infrastructure - shared key infrastructure"
answer
public key infrastructure
question
"Which of the following is a valid way to check the status of a certificate? (Choose all that apply.) - Online Certificate Status Protocol - Certificate Revocation Authority - Certificate Revocation List - Revocation List Protocol"
answer
" Online Certificate Status Protocol Certificate Revocation List"
question
"What is a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest? - salt - initialization vector - counter - nonce"
answer
salt
question
"What length SSL and TLS keys are generally considered to be strong? - 128 - 1024 - 2048 - 4096"
answer
4096
question
"What common method is used to ensure the security and integrity of a root CA? - Keep it in an offline state from the network. - Only use the root CA infrequently. - Password protect the root CA - Keep it in an online state and encrypt it"
answer
Keep it in an offline state from the network.
question
"What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system? - SSL - TLS - PEAP - EAP"
answer
SSL
question
"The process by which keys are managed by a third party, such as a trusted CA, is known as? - key escrow - key destruction - key renewal - key management"
answer
key escrow
question
"What allows an application to implement an encryption algorithm for execution? - counters - crypto service providers - initialization vectors - crypto modules"
answer
crypto service providers
question
"What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks, and each block is then encrypted separately? - Electronic Code Book - Galois/Counter Cipher Block Chaining Counter"
answer
Electronic Code Book
question
"A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as? - Certificate practice statement (CPS) - Certificate policy (CP) - Lifecycle policy (LP) - Access policy (AP)"
answer
Certificate practice statement (CPS)
question
True or False: Some cryptographic algorithms require that in addition to a key another value can or must be input.
answer
TRUE
question
"Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates: - Registration Authority - Delegation Authority - Certification Authority - Participation Authority"
answer
Certification Authority
question
"Which of the following certificates verifies the identity of the entity that has control over the domain name? - Validation digital certificate - root digital certificates - domain validation digital certificate - web digital certificates"
answer
domain validation digital certificate
question
"Which of the following is an enhanced type of domain digital certificate? - Primary Validation - Extended Validation - Authorized Validation - Trusted Validation"
answer
Extended Validation