3.9 Public Key Infrastructure (PKI) Flashcards

1
Q

Define CA (3)

A
  1. Certificate Authority
  2. Verifies information and signs certificates
  3. Provides verification and validation of certificates
2
Q

Define Intermediate CA (2)

A
  1. A CA subordinate to another CA, holding a subset of that CA's certificates
  2. Limits the scope of a CA compromise to only the subset of certificates it contains
3
Q

Define Registration Authority (RA)

A
  1. Decides whether Certificate Signing Requests (CSRs) should be granted after verifying and validating the requestor
4
Q

Define Certificate Revocation List (CRL) (2)

A
  1. A list of certificates that have been revoked and are not valid
  2. Certificates may be revoked due to compromise or valid changes/updates
5
Q

Define Online Certificate Status Protocol (OCSP)

A

Used to expedite the process of validating a certificate, instead of downloading CRL(s), which can be huge
6
Q

Define Certificate Signing Request (CSR)

A

Final step of creating a valid certificate where the public key is sent to CA/RA to be validated or “signed”

7
Q

Define Common Name (CN) relative to certificates

A

The fully qualified domain name(s) for which the certificate is valid

8
Q

Define Subject Alternative Name (SAN)

A

Alternate domain names for which the certificate is valid

9
Q

Define distinguished encoding rules (DER) format for certificates (2)

A
  1. Binary format, typically used with Java
  2. Cannot be transferred via email unless encoded, for example with base64, which converts it to ASCII text
10
Q

Define P12 certificate format (2)

A
  1. Container format capable of storing multiple certificates, useful for transferring both public and private keys
  2. Container access can be password protected, allowing secure transfer, especially good for private key transfer
11
Q

Define PFX certificate format (2)

A
  1. Microsoft’s implementation, nearly exactly like P12
  2. Used to store private keys
12
Q

Define PEM certificate format (2)

A
  1. Plain ASCII representation of certificate
  2. Not secure for transferring private keys
13
Q

Define CER certificate format (2)

A
  1. Used by Windows OS to store public certificates
  2. Supports DER and PEM format
14
Q

Define P7B certificate format (3)

A
  1. ASCII text file that can be transferred via email
  2. Not secure for transferring private keys
  3. Widely supported by multiple OS
15
Q

Define aspects of online CA (2)

A
  1. Best practice is to keep an intermediate CA, holding a subset of certificates, online within the organization to sign certificates
  2. If compromised, only the subset of certificates on it needs to be re-issued
16
Q

Define aspects of offline CA (2)

A
  1. Best practice is to keep the root CA offline (not network attached) to prevent it from being compromised
  2. If the online intermediate CA is compromised, certificates for a replacement CA can be generated from the root CA
17
Q

Define stapling relative to certificates (2)

A
  1. Uses OCSP to eliminate the need to check with the CA to see if the certificate is revoked
  2. Status information for that certificate is digitally signed, stored on the local server, and “stapled” to the certificate
18
Q

Define certificate pinning (2)

A
  1. A copy of a certificate is included (“pinned”) in the source code of an application, such as a web browser
  2. When the application connects to a server, it compares the certificate presented by the server to its pinned copy to ensure integrity
19
Q

Define Web of Trust relative to certificates (2)

A
  1. If a certificate comes from an untrusted source, but is signed by a trusted source, you can trust it
  2. PGP uses this
20
Q

Define trust escrow relative to certificates

A

A third party is trusted with decryption keys

21
Q

Define certificate chaining (2)

A
  1. Validation of a certificate across multiple intermediate CAs before finally reaching a root CA
  2. Requires that the server trust all CAs in the chain