3.0

Question 1

LDAP/ LDAPS

Answer 1

Lightweight Directory Access Protocol/LDAP Secure
A standard protocol designed to maintain and access “directory services” within a network
Port 389 and 636

Question 2

UTM

Answer 2

Unified Threat Management
All-in-one security appliance. When multiple security features or services are combined into a single device within your network.

Question 3

PKI

Answer 3

Public Key Infrastructure
Framework managing digital certificates, encryption keys, and authentication processes, facilitating secure communication and data protection.

Question 4

802.1X

Answer 4

A standard used in network security that provides port-based authentication (authenticated by a certificate) to devices attempting to connect to a network (NAC). You don’t get access to the network until you authenticate.

Question 5

PEAP

Answer 5

Protected Extensible Authentication Protocol
An EAP method that uses a secure TLS tunnel. Protects authentication process within an encrypted channel.

Question 6

EAP-FAST

Answer 6

EAP Flexible Authentication via Secure Tunneling
An EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel. Using a secure tunnel without requiring server certificates.

Question 7

CASB

Answer 7

Cloud access security broker
Placed between cloud service consumers and cloud service providers to monitor all activity and enforces security policies.

Question 8

FDE

Answer 8

Full disk encryption
A security technology used to encrypt all data stored on a computer’s hard drive or storage device. Encrypt everything on the drive

Question 9

SED

Answer 9

Self-encrypting drive
A type of storage device (such as a hard drive or solid-state drive) that includes built-in hardware-based encryption capabilities.

Question 10

Containerization

Answer 10

A lightweight virtualization technology that allows applications and their dependencies to be packaged and isolated into containers.

Question 11

MAC filtering

Answer 11

Media access control filtering
A network security technique used to control which devices can connect to a network based on their MAC addresses. Limit access through the physical hardware address.

Question 12

MDM

Answer 12

Mobile Device Management
A type of software solution that helps organizations manage and secure mobile devices used by employees within their network. Manage company-owned and user-owned mobile devices

Question 13

COPE

Answer 13

Corporate-Owned, Personally Enabled
A mobile device management strategy used by organizations to manage company-owned devices while allowing employees some level of personal use.

Question 14

VDI/VMI

Answer 14

Virtual Desktop Infrastructure/Virtual Mobile Infrastructure
VDI is a technology that allows users to access a desktop environment virtually, rather than having a physical computer at their desk. VMI is similar to VDI but focuses on virtualizing mobile device environments, such as smartphones or tablets.
– The apps are separated from the mobile device
– The data is separated from the mobile device

Question 15

WPA2

Answer 15

Wi-Fi Protected Access 2
It’s a security protocol used to protect wireless networks from unauthorized access and data interception.

Employs the Advanced Encryption Standard AES with a 128-bit key.

Question 16

WPS

Answer 16

Wi-Fi Protected Setup
Wi-Fi Protected Setup (WPS) is a network security standard that was created to simplify the process of connecting devices to a secure wireless network.

Question 17

RBAC

Answer 17

Role-based access control
A method of restricting network access based on the roles of individual users within an organization.

Question 18

ABAC

Answer 18

Attribute-based access control
A more flexible access control model that uses attributes about users, systems, and the environment to make access control decisions. Ex. location, time, and device, as well as username and password.

Question 19

DAC

Answer 19

Discretionary Access Control
A type of access control where the owner of a resource determines who can access that resource and what permissions they have. DAC, access decisions are based on the discretion of the resource owner, who can grant or revoke access rights to users or groups.

Question 20

MAC

Answer 20

Mandatory Access Control
Access control scheme uses labels to grant access, controlling data access and preventing unauthorized use.

Question 21

VLAN

Answer 21

Virtual local area network
A network segmentation technique used to divide a single physical network into multiple logical networks

Question 22

Measured Boot

Answer 22

Ensures boot process integrity by measuring and comparing cryptographic hashes of key components.

Process hashes the subsequent processes and compares the hash values to known good values.

Question 23

Trusted Boot

Answer 23

Establishes a chain of trust during startup, verifying firmware and OS integrity using hardware-based security features like TPM.

Process verifies the digital signature of the OS kernel

Question 24

Secure Boot

Answer 24

Prevents unauthorized software execution during boot by verifying digital signatures of bootloader and OS components.

Question 25

NGFW

Answer 25

Next-generation firewall
An advanced network security solution that combines traditional firewall capabilities with additional features such as intrusion prevention, application awareness, and advanced threat detection and mitigation.

Question 26

IPSec

Answer 26

Internet Protocol Security
A suite of protocols used to secure and encrypt communication over IP networks. Send information in the layer 3 public internet, but encrypt the data
Uses Authentication Header (AH) for integrity and Encapsulation Security Payload (ESP) for encryption.

Question 27

SSL

Answer 27

Secure Sockets Layer
It ensures that data exchanged between a web server and a web browser remains confidential, integral, and authenticated. However, it’s worth noting that SSL has been largely replaced by its successor, Transport Layer Security (TLS), which offers enhanced security features and improved protocols.

Question 28

CA

Answer 28

Certificate Authority
Is the trusted authority that certifies individuals’ identities and creates electronic documents indicating that individuals are who they say they are.

Question 29

TACACS+

Answer 29

Terminal Access Controller Access-Control System Plus
A network authentication, authorization, and accounting (AAA) capabilities, a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network.

Question 30

Kerberos

Answer 30

A network authentication protocol designed to provide secure authentication for client-server applications over a non-secure network, such as the internet. (Ticketing system)

Question 31

TPM

Answer 31

Trusted Platform Module
A chip that resides on the motherboard of the device. Provides the operating system with access to keys.
Ex. enables hard drive encryption

Question 32

HSM

Answer 32

Hardware Security Module
A security device you can add to a system to manage, generate, and securely store cryptographic keys.

Question 33

Proxies

Answer 33

Proxies are servers that act as middlemen between your device (like a computer or phone) and the internet. They help with things like hiding your IP address, filtering content, speeding up web browsing by storing copies of web pages, and balancing internet traffic across multiple servers.

Question 34

SMTP

Answer 34

Simple Mail Transfer Protocol
The standard Internet protocol used to transfer e-mail between hosts.
Protocol number 25

Question 35

S/MIME

Answer 35

Secure/Multipurpose Internet Mail Extensions
A protocol that adds a layer of security to email messages. It provides encryption and digital signatures to ensure the confidentiality, integrity, and authenticity of email communication.

Question 36

DLP

Answer 36

Data Loss Prevention
Solutions serve to prevent sensitive data from leaving the network without notice.

Question 37

Boot Attestation

Answer 37

Boot attestation verifies the integrity of a computer’s boot process using cryptographic signatures to ensure only trusted software components are loaded, preventing unauthorized alterations.

Question 38

Tokenization

Answer 38

Is the process of substituting a surrogate value, called a token, for a sensitive data element.

Question 39

Salting

Answer 39

Is the process of adding a random element to a value before performing a mathematical operation like hashing.

Question 40

Hashing

Answer 40

A process of converting input data (such as text, files, or passwords) into a fixed-size string of characters using a hash function. Hashing is commonly used for data integrity verification, password storage, digital signatures, and indexing data structures.

Question 41

Static code analysis

Answer 41

Is when the code is examined without being executed.

Question 42

Dynamic code analysis

Answer 42

Analyzes the code during execution.

Question 43

Fuzzing

Answer 43

(or fuzz testing) is a brute force method of addressing input validation issues and vulnerabilities. They have software tools that transmit unexpected and abnormal data to applications to assess their response.

Question 44

Registry

Answer 44

Repository of all information related to configurations. Configuration options for the OS are located in the Registry.

Question 45

Zero Trust

Answer 45

Zero trust network is a network that doesn’t trust any devices by default, even if it was previously verified.

Question 46

NGSWG

Answer 46

Next-Gen Secure Web Gateway

A combination of a proxy server and a stateless firewall. Provides proxy services for traffic from clients to Internet sites, such as filtering URLs and scanning for malware.

Question 47

MAM

Answer 47

Mobile Application Management
Manages applications on mobile devices. Provision, update, and remove apps.

Question 48

Jump server

Answer 48

A hardened server used to access and manage devices in another network with a different security zone.

Question 49

UEM

Answer 49

Unified Endpoint Management
to ensure systems are kept up to date with current patches, have antivirus software installed with up-to-date definitions, and are secured using standard security practices.

Question 50

MDM

Answer 50

Mobile device management
Includes the technologies to manage mobile devices with the goal to ensure these devices have security controls in place to keep them secure.
Ex. Application management, Full device encryption, Passwords and PINs

Question 51

SAML

Answer 51

Security Assertion Markup Language

It is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

Question 52

Key Escrow

Answer 52

A method of storing decryption keys with a
trusted third-party. This includes a system by which your private key is kept both by you and by a third party.

Question 53

DNSSEC

Answer 53

Domain Name System Security Extensions

Allows for the verification of DNS data and denial of existence and ensures data integrity for DNS. However, it does not offer confidentiality or availability controls.

Question 54

NAT Gateway

Answer 54

Network Address Translation Gateway
allows private subnets to communicate with other cloud services and the Internet, but hides the internal network from Internet users.

Question 55

RADIUS

Answer 55

Remote Authentication Dial-In User Service
Used to provide AAA for network services,
a networking protocol that authorizes and authenticates users who access a remote network.

Question 56

PAP

Answer 56

Password Authentication Protocol
is a simple, plain-text password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users.

Question 57

Resource policies

Answer 57

Identity and access management (IAM)
– Who gets access, what they get access to on the cloud
This allows your organization to set restrictions, manage the resources, and manage cloud costs

Question 58

WPA3

Answer 58

Wi-Fi Protected Access 3

Released in 2018 to address the weaknesses in WPA2.

Uses a much stronger 256-bit Galois/Counter Mode Protocol (GCMP-256) for encryption.

There are two versions: WPA3-Personal for home users, and WPA3-Enterprise for corporate users

Question 59

CHAP

Answer 59

Challenge-Handshake Authentication Protocol
A more secure version of PAP. Sends an encrypted challenge sent over the network and client has to send a match to be authenticated.

Question 60

OCSP

Answer 60

Online Certificate Status Protocol

A protocol used for obtaining the revocation status of a digital certificate in real-time. It allows applications to check if a certificate has been revoked by querying a certificate authority’s (CA) OCSP server.

Question 61

CRL

Answer 61

Certificate Revocation List

A list of certificates that have been revoked by the certificate authority before their scheduled expiration date. This list is periodically published by the CA.

Question 62

CSR

Answer 62

Certificate Signing Request

A block of encoded text that is given to a certificate authority when applying for a digital certificate. It contains information about the entity requesting the certificate and the public key to be included in the certificate.

Question 63

Secure Cookies

Answer 63

Cookies are text files sent with every request to a website. Secure attribute, when set, instructs the browser and server to only transport the cookie over HTTPS channels.

Question 64

Implicit deny

Answer 64

It indicates that all traffic that isn’t explicitly allowed is implicitly denied. The implicit deny rule is the last rule in an ACL.

Question 65

EAP

Answer 65

Extensible Authentication Protocol

A framework for transporting authentication protocols, allowing various authentication methods. It’s like a system for checking who is allowed to use a network.

Question 66

EAP-TLS

Answer 66

EAP method using TLS for mutual authentication with certificates. Provides high security with client and server certificates.

Question 67

EAP-TTLS

Answer 67

An EAP method that creates a secure tunnel using a server-side certificate and then authenticates the client using another method inside this tunnel. Provides a secure way to authenticate without requiring client-side certificates.

Question 68

Captive portals

Answer 68

Redirect all traffic to a specific portal page, either to gather information or display the page itself. Once users fulfill the portal’s requirements, they gain access to the Internet.

Question 69

Broadcast storm prevention

Answer 69

Limit the number of broadcasts per second to avoid flooding attacks

Question 70

Bridge Protocol Data

Question 71

BPDU Guard

Answer 71

Bridge Protocol Data Unit Guard

A network security feature that disables a port if it receives a BPDU, preventing potential loops and unauthorized devices from influencing Spanning Tree Protocol (STP) topology.

Question 72

Loop prevention

Answer 72

A network feature that ensures data packets do not circulate endlessly in a network, preventing broadcast storms and network congestion. Spanning Tree Protocol (STP) prevents this from happening by forwarding, listening, or blocking on some ports.

Question 73

Dynamic Host Configuration
Protocol (DHCP) snooping

Answer 73

A defensive measure against an attacker that attempts to use a rogue DHCP device.

Question 74

Site survey

Answer 74

Site survey examines the wireless environment to identify potential issues, such as areas with noise or other devices operating on the same frequency bands.

Question 75

WiFi analyzers

Answer 75

Provide a means of determining signal strength and channel interference.

Question 76

Wireless Controller

Answer 76

– Centralized management of wireless access points
– Manage system configuration and performance

Question 77

Access point security

Answer 77

– Use strong passwords
– Update to the latest firmware

Question 78

IdP

Answer 78

Creates, manages, maintains identity information. Responsible for authenticating identity.

Question 79

SSH keys

Answer 79

Access credentials used by the Secure Shell (SSH) protocol. They function like usernames and passwords, but SSH keys are primarily used for automated processes and services.

Question 80

Shared and generic
accounts/credentials

Answer 80

Accounts used by multiple people or for generic purposes, often lacking personalized access controls. These can pose security risks due to the difficulty in tracking individual actions.

Question 81

Service accounts

Answer 81

Special accounts used by applications or services to interact with the operating system or other software. Not intended for direct human use.

Question 82

User accounts

Answer 82

An account on a computer associated with a specific person

Question 83

Guest accounts

Answer 83

Temporary accounts with limited permissions, used to provide access to visitors or short-term users without granting full user privileges.

Question 84

Geofencing

Answer 84

Automatically allow or restrict access when the user is in a particular location

Question 85

Geotagging

Answer 85

Add location metadata to a document or file. Latitude and longitude, distance, time stamps

Question 86

AH

Answer 86

Authentication Header
Protocol provides a mechanism for authentication only

Question 87

ESP

Answer 87

Encapsulating Security Payload
provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection). ESP can be used with confidentiality only, authentication only, or both confidentiality and authentication.

Question 88

EDR

Answer 88

An integrated endpoint security solution that combines: real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

Question 89

Hypertext Transfer Protocol (HTTP) Headers

Answer 89

Are designed to transfer information between the host and the web server.

Question 90

Manual Code Review

Answer 90

Code is reviewed line by line to ensure that the code is well-written and error free.

Question 91

Hardware root of trust

Answer 91

It verifies that the keys match before the secure boot process takes place

Question 92

Intranet

Answer 92

A private network that is designed to host the information internal to the organization.

Question 93

Extranet

Answer 93

A section of an organization’s network that has been sectioned off to act as an intranet for the private network but also serves information to external business partners or the public Internet. A cross between internet and intranet

Question 94

East-West Traffic

Answer 94

Where traffic moves laterally between servers within a data center. north-south traffic moves outside the data center.

Question 95

L2TP/IPSec

Answer 95

This is the most secure tunneling protocol that can use certificates, Kerberos authentication, or a pre-shared key. L2TP/IPSec provides both a secure tunnel and authentication.

Question 95

Always On mode

Answer 95

a low-latency point-to-point connection between two sites. A tunnel between two gateways that is “always connected”

Question 96

Secure Socket Layer (SSL) VPN

Answer 96

Works with legacy systems and uses SSL certificates for authentication.

Question 97

HTML 5 VPN

Answer 97

Similar to the SSL VPN, as it uses certificates for authentication. easy to set up, and you just need an HTML5-compatible browser such as Opera, Edge, Firefox, or Safari.

Question 98

Agent-Based

Answer 98

Uses installed software agents for detailed, customizable data collection; requires more resources and maintenance.

Question 99

Agentless

Answer 99

Uses remote queries for easy deployment and low resource usage; may offer less detailed data.

Question 100

Out-of-band management

Answer 100

Enable IT to work around problems that may be occurring on the network.

Question 101

Forward proxy

Answer 101

Server that controls requests from clients seeking resources on the internet or an external network.

Question 102

Reverse Proxy

Answer 102

Placed on a screened subnet, performs the authentication and decryption of a secure session to enable it to filter the incoming traffic.

Question 103

Heuristic/behavior based

Answer 103

Creates a baseline of activity to identify normal behavior, and then measures system performance against the baseline to detect abnormal behavior.

Question 104

Signature-based

Answer 104

Uses signatures similar to the signature definitions used by anti-malware software.

Question 105

In-line

Answer 105

NIDS/NIPS placed on or near the firewall as an additional layer of security. (IDS mode)

Question 106

Passive

Answer 106

Traffic does not go through the NIPS/NIDS. Sensors and collectors forward alerts to the NIDS. (IDS mode)

Question 107

Sensors and collectors

Answer 107

Can be placed on a network to alert NIDS of any changes in traffic patterns on the network.

Question 108

Stateless

Answer 108

Watch network traffic and restrict or block packets based on source and destination addresses or other static values. Not ‘aware’ of traffic patterns or data flows. Typically, faster and perform better under heavier traffic loads.

Question 109

Stateful

Answer 109

Can watch traffic streams from end to end. Are aware of communication paths and can implement various IP security functions such as tunnels and encryption. Better at identifying unauthorized and forged communications.

Question 110

Access control list (ACL)

Answer 110

To allow or deny traffic.

Question 111

Quality of service (QoS)

Answer 111

Ensures that applications have the bandwidth they need to operate by prioritizing traffic based on importance and function.

Question 112

Port spanning/port mirroring

Answer 112

Switch features that duplicate network traffic for monitoring purposes.

Question 113

Port taps

Answer 113

Hardware devices that create a copy of the network traffic.

Question 114

File integrity monitors

Answer 114

detects changes to files that should not be modified

Question 115

CCMP

Answer 115

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

Created to replace WEP and TKIP/WPA uses AES (Advanced Encryption Standard) with a 128-bit key

Question 116

SAE

Answer 116

Simultaneous Authentication
of Equals

used with WPA3-Personal and replaces the WPA2-PSK Protects against brute-force attacks

uses a secure Diffie Hellman handshake, called dragonfly

uses perfect forward secrecy, so immune to offline attacks

Question 117

RADIUS Federation

Answer 117

Enables members of one organization to authenticate to another with their normal credentials. Trust is across multiple RADIUS servers across multiple organizations. A federation service where network access is gained using wireless access points (WAPs).

Question 118

SIM

Answer 118

Subscriber Identity Module cards

Small computer chips that contain the information about mobile subscription allows the user to connect to a telecommunication provider to make calls, send text messages, or use the Internet.

Question 119

Infrared

Answer 119

The device is purely line-of-sight and has a maximum range of about 1 meter. Can be used to print from your laptop to an infrared printer.

Question 120

Point-to-point

Answer 120

One-to-one connection between the two devices communicating on a network, typically wireless

Question 121

Point-to-multipoint

Answer 121

A WAP connecting to multiple wireless devices

Question 122

Content Management

Answer 122

Stores business data in a secure area of the device in an encrypted format to protect it against attacks.

Question 123

Geolocation

Answer 123

Uses GPS to give the actual location of a mobile device.

Question 124

MicroSD HSM

Answer 124

MicroSD hardware
security module

A physical device that provides cryptographic features for your computer in a smaller, mobile form factor.

Question 125

SEAndroid

Answer 125

Provides additional access controls (MAC and DAC), security policies and includes policies for configuring the security of these mobile devices. prevents any direct access to the kernel of the Android operating system provides centralized management for policy configuration and device management.

Question 126

Sideloading

Answer 126

Enables installing an application package in .apk format on a mobile device. Useful for developers to run trial of third-party apps, but also allows unauthorized software to be run on a mobile device.

Question 127

Firmware over-the-air (OTA) updates

Answer 127

updates are pushed out periodically by the vendor, ensuring that the mobile device is secure.

Question 128

Multimedia Messaging Service (MMS)

Answer 128

A way to send pictures as attachments, similar to sending SMS messages.

Question 129

Rich Communication Services (RCS)

Answer 129

An enhancement to SMS and is used in Facebook and WhatsApp to send messages so that you can see the read receipts. You can also send pictures and videos.

Question 130

USB OTG

Answer 130

USB On-The-Go

Allows USB devices plugged into smartphones and tablets to act as a host for other USB devices.

Question 131

WI-FI direct/ ad hoc

Answer 131

Wi-Fi direct wireless network allows two Wi-Fi devices to connect to each other without requiring a WAP.

Ad-hoc is same but it is multipath and can share an internet connection with someone else.

Question 132

Tethering

Answer 132

The process of sharing a mobile device’s internet connection with other devices.

Question 133

CYOD

Answer 133

Choose your own device

New employee chooses from a list of approved devices.

Question 134

HA across zones

Answer 134

High availability across zones

unique physical locations within a region with independent power, network, and cooling

Question 135

Secrets management

Answer 135

Access for application secrets A secret is anything that you want to control access to, such as API keys, passwords, certificates, tokens, or cryptographic keys.

Question 136

Public and Private Subnets (Cloud)

Answer 136

Public - can connect directly to the internet.
Private - cannot connect directly to the internet to use for internal resources

Question 137

Security Groups

Answer 137

Use security groups to define permissible network traffic, consisting of rules similar to a firewall ruleset.

Question 138

Dynamic Resource Allocation

Answer 138

This uses virtualization technology to scale the cloud resources up and down as the demand grows or falls.

Question 139

Instance awareness

Answer 139

To prevent VM sprawl and unmanaged VMs. Tools like NIDS/NIPS can help to detect new instances.

Question 140

Container Security

Answer 140

Practices and tools designed to secure containers, which are lightweight, portable, and scalable units for running applications.

Question 141

Virtual private cloud (VPC) endpoint

Answer 141

allows you to create a private connection between your VPC and another cloud service without crossing over the internet.

Question 142

Impossible travel time

Answer 142

Login from distant locations within an impossibly short timeframe.

Question 143

Risky login

Answer 143

Suspicious login attempt based on unusual behavior or patterns.

Question 144

Account Disablement

Answer 144

Account management (the identity lifecycle) ranges from account creation at onboarding to its disablement when a user leaves the company.

Question 145

OAuth

Answer 145

is an open standard for authorization, commonly used as a way for Internet users to log into third party websites using their Microsoft, Google, Facebook, Twitter, One Network etc. accounts without exposing their password.

Question 146

OpenID

Answer 146

is an open standard, It provides decentralized authentication, allowing users to log into multiple unrelated websites with one set of credentials maintained by a third-party service referred to as an OpenID provider.

Question 147

Rule-based access control

Answer 147

applies global rules that apply to all subjects. Rules within this model are sometimes referred to as restrictions or filters.

Question 148

Key management

Answer 148

Management of cryptographic keys in a cryptosystem.

Question 149

Intermediate CA

Answer 149

An Intermediate Certificate Authority is an entity that is subordinate (lower in rank) to the Root CA and is responsible for issuing certificates to end entities or other subordinate CAs.

Question 150

RA

Answer 150

Registration Authority

It is an entity responsible for verifying the identities of entities requesting digital certificates before the certificates are issued by a Certificate Authority (CA).

Question 151

CN

Answer 151

Common Name

It is a field within a digital certificate that specifies the name of the entity (such as a server, device, or user) to which the certificate is issued. This field is part of the Distinguished Name (DN) in the certificate and is often used to identify the subject of the certificate.

Question 152

SAN

Answer 152

Subject alternative name

An extension in a digital certificate that allows additional identities (such as domain names, IP addresses, email addresses) to be associated with the subject of the certificate.

Question 153

Wildcard

Answer 153

Wildcard certificates include an asterisk and period before the domain name. SSL certificates commonly extend encryption to subdomains through the use of wildcards.

Question 154

Domain validation

Answer 154

A Domain-Validated (DV) certificate is an X.509 certificate that proves the ownership of a domain name.

Question 155

Extended validation

Answer 155

A type of SSL/TLS certificate that requires a rigorous verification process by the Certificate Authority (CA) to confirm the legal identity and operational status of the entity requesting the certificate.

Question 156

Stapling

Answer 156

A method used with OCSP, which allows a web server to provide information on the validity of its own certificate. Done by the web server essentially downloading the OCSP response from the certificate vendor in advance and providing it to browsers.

Question 157

Pinning

Answer 157

Certificate Pinning is a security mechanism that associates a host with its expected public key or certificate to mitigate the risk of man-in-the-middle attacks.

Question 158

Trust model

Answer 158

The framework and policies for how entities establish and manage trust relationships within a Public Key Infrastructure (PKI).

Question 159

Certicate chaining

Answer 159

Certificate Chaining is the process of linking certificates together from the end-entity certificate up to the Root CA to establish a chain of trust.