3.5.10 I.S.E Flashcards
An SSL client has determined that the certificate authority (CA) issuing a server’s certificate is on its list of trusted CAs.
What is the next step in verifying the server’s identity?
The CA’s public key validates the CA’s digital signature on the server certificate.
The domain on the server certificate must match the CA’s domain name.
The master secret is generated from common key code.
The post-master secret must initiate subsequent communication.
Answer: The CA’s public key validates the CA’s digital signature on the server certificate.
Which of the following would require that a certificate be placed on the CRL?
The certificate validity period is exceeded.
The private key is compromised.
The encryption key algorithm is revealed.
The signature key size is revealed.
Answer: The private key is compromised.
Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments?
Certificate revocation list
Online Certificate Status Protocol
Key escrow
Private key recovery
Answer: Online Certificate Status Protocol
A PKI is an implementation for managing which type of encryption?
Asymmetric
Symmetric
Hashing
Steganography
Answer: Asymmetric
In the process of obtaining a digital certificate, which entity may a certificate authority rely on to perform the validation of the certificate signing request (CSR)?
Certificate revocation list
Online Certificate Status Protocol
Registration authority
Root authority
Answer: Registration authority
A medium-sized e-commerce company is planning to upgrade their website’s security by acquiring a certificate from a certificate authority (CA).
The company wants to ensure that the certificate not only validates their domain ownership but also verifies the legitimacy of their organization. They are also looking for a validation process that can be completed within 1 to 3 days.
As the IT manager for the company, which level of CA validation would you recommend?
Self-signed certificate
Organization validation
Extended validation
Domain validation
Answer: Organization validation
The network administrator for an international e-commerce company that operates multiple online stores must ensure secure communication across various subdomains.
To streamline secure sockets layer/transport layer security (SSL/TLS) certificate management and implement a robust public key infrastructure (PKI), the network administrator must identify the most suitable solution for efficiently securing the company’s numerous subdomains within the PKI.
What is the MOST suitable solution for efficiently securing the multiple subdomains of the company’s online stores within the PKI?
Wildcard certificates
Certificate revocation lists (CRLs)
Self-signed certificates
Certificate pinning
Answer: Wildcard certificates
A private key has been stolen. Which action should you take to deal with this crisis?
Recover the private key from escrow
Delete the public key
Place the private key in escrow
Add the digital certificate to the CRL
Answer: Add the digital certificate to the CRL
You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible.
Which service should you use to solve this problem?
Key escrow
OCSP
RA
CSP
Answer: Key escrow
Which of the following statements accurately describes the root of trust model in a public key infrastructure (PKI)?
The root of trust model defines how users and different CAs can trust one another, with each CA issuing itself a root certificate.
In the root of trust model, the root certificate is issued by a third-party CA, not the organization’s own CA.
The root of trust model involves a root certificate that is issued by a user, not a CA.
The root of trust model involves multiple root certificates, each issued by a different certificate authority (CA).
Answer: The root of trust model defines how users and different CAs can trust one another, with each CA issuing itself a root certificate.