6.4 Given a scenario, implement public key infrastructure.

Question 1

Certificate Authority (CA)

Answer 1

A certificate authority (CA) is an organization that is responsible for ISSUING, revoking, and distributing certificates

Question 2

Registration Authority

Answer 2

– Responsible for verifying users’ identities and approving or denying requests for digital certificates.
– RAs do not issue certificates

Question 3

Certificate Revocation List (CRL)

Answer 3

list that you need to update about revokes certs.

Question 4

Certificate Revocation List (CRL)

Answer 4

list that you need to update about revoked certs.

Question 5

Root CA

Answer 5

most trusted entity in PKI.

Question 6

Intermediate CA

Answer 6

A CA that is subordinate to the root CA by one or more levels and typically issues certificates to other CAs in the public key infrastructure (PKI) hierarchy.

Question 7

CSR (Certificate Signing Request)

Answer 7

A message sent to a certificate authority from a user or organization to request and apply for a digital certificate

Question 8

Certificate or Digital Certificate

Answer 8

Signed with the CA’s private key and associates the user’s credentials with a public key.

Question 9

Key Pair

Answer 9

Asymmetric encryption - 1 Public key & 1 Private Key

Question 10

Stapling

Answer 10

allows a web server to provide information on the validity of its own certificate

Question 11

Single-CA Model

Answer 11

A small company that has to get a cert from a CA

Question 12

Hierarchical CA Model

Answer 12

A self signed CA, large company

Question 13

Cross-Certification CA Model

Answer 13

A small company buying or partnering with another small company

Question 14

Bridge CA Model

Answer 14

When a large company buys or partners with nay size company.

Question 15

Key Escrow

Answer 15

Used to store keys securely, while allowing one or more 3rd parties (key escrow agents) access to the keys under predefined conditions.

Question 16

X.509 current Verson

Answer 16

version 3.

Question 17

X.509 is?

Answer 17

X.509 certificates are written in a specific format.

Question 18

Self-signed

Answer 18

it will be created and digitally signed by you. probably not trusted by other people.

Question 19

DER (Distinguished EncodingRules)

Answer 19

Used for binary DER-encoded certificates.

Question 20

PEM (Privacy-enhanced Electronic Mail)

Answer 20

Provide message confidentiality and integrity to emails.

Question 21

CER (Canonical Encoding Rules)

Answer 21

• The Base64 format supports storage of a single certificate. – Public Key
• This format does not support storage of the private key or certification path.

Question 22

PFX (Personal Information Exchange)

Answer 22

Unlike the .cer, the .pfx contains both the public and its associated private keys.

Question 23

P12 (PKCS #12)

Answer 23

This format usually contains X509 certificates, public and private key

Question 24

The CRL takes time to be fully disseminated. Which protocol allows a certificate’s authenticity to be immediately verified?
A. CA
B. CP
C. CRC
D. OCSP

Answer 24

D. OCSP

Question 25

Your IT manager has stated that you need to select an appropriate tool for email encryption. Which of the following would be the best choice?
A. MD5
B. PGP
C. TLS
D. IPSEC

Answer 25

B. PGP

Question 26

Which organization can be used to identify an individual for certificate issue in a PKI environment?
A. RA
B. LRA
C. PKE
D. SHA

Answer 26

A. RA

Question 27

Your company has implemented email encryption throughout the enterprise. You are concerned that someone might lose their cryptographic key. You want to implement some mechanism for storing copies of keys and recovering them. What should you implement? A. Key renewal
B. Key archival
C. Key escrow
D. Certificate rollover

Answer 27

C. Key escrow