6.4 Given a scenario, implement public key infrastructure. Flashcards

1
Q

Certificate Authority (CA)

A

A certificate authority (CA) is an organization that is responsible for ISSUING, revoking, and distributing certificates

2
Q

Registration Authority

A

– Responsible for verifying users’ identities and approving or denying requests for digital certificates.
– RAs do not issue certificates

3
Q

Certificate Revocation List (CRL)

A

A list that you need to update about revoked certs.

4
Q

Certificate Revocation List (CRL)

A

A list that you need to update about revoked certs.

5
Q

Root CA

A

The most trusted entity in PKI.

6
Q

Intermediate CA

A

A CA that is subordinate to the root CA by one or more levels and typically issues certificates to other CAs in the public key infrastructure (PKI) hierarchy.

7
Q

CSR (Certificate Signing Request)

A

A message sent to a certificate authority from a user or organization to request and apply for a digital certificate

8
Q

Certificate or Digital Certificate

A

Signed with the CA’s private key and associates the user’s credentials with a public key.

9
Q

Key Pair

A

Asymmetric encryption - 1 Public key & 1 Private Key

10
Q

Stapling

A

Allows a web server to provide information on the validity of its own certificate.

11
Q

Single-CA Model

A

A small company that has to get a cert from a CA

12
Q

Hierarchical CA Model

A

A self signed CA, large company

13
Q

Cross-Certification CA Model

A

A small company buying or partnering with another small company

14
Q

Bridge CA Model

A

When a large company buys or partners with any size company.

15
Q

Key Escrow

A

Used to store keys securely, while allowing one or more 3rd parties (key escrow agents) access to the keys under predefined conditions.

16
Q

X.509 current version

A

version 3.

17
Q

X.509 is?

A

X.509 certificates are written in a specific format.

18
Q

Self-signed

A

It will be created and digitally signed by you. Probably not trusted by other people.

19
Q

DER (Distinguished Encoding Rules)

A

Used for binary DER-encoded certificates.

20
Q

PEM (Privacy-enhanced Electronic Mail)

A

Provide message confidentiality and integrity to emails.

21
Q

CER (Canonical Encoding Rules)

A
  • The Base64 format supports storage of a single certificate. – Public Key
  • This format does not support storage of the private key or certification path.
22
Q

PFX (Personal Information Exchange)

A

Unlike the .cer, the .pfx contains both the public and its associated private keys.

23
Q

P12 (PKCS #12)

A

This format usually contains X.509 certificates, public and private keys.

24
Q
The CRL takes time to be fully disseminated. Which protocol allows a certificate’s authenticity to be immediately verified?
A. CA
B. CP
C. CRC
D. OCSP
A

D. OCSP

25
Q
Your IT manager has stated that you need to select an appropriate tool for email encryption. Which of the following would be the best choice?
A. MD5
B. PGP
C. TLS
D. IPSEC
A

B. PGP

26
Q
Which organization can be used to identify an individual for certificate issue in a PKI environment?
A. RA
B. LRA
C. PKE
D. SHA
A

A. RA

27
Q

Your company has implemented email encryption throughout the enterprise. You are concerned that someone might lose their cryptographic key. You want to implement some mechanism for storing copies of keys and recovering them. What should you implement?
A. Key renewal
B. Key archival
C. Key escrow
D. Certificate rollover

A

C. Key escrow