Certificates & Trust Flashcards

1
Q

Digital certificates signed with the private key of the same entity they identify (issuer and subject are the same), rather than by a trusted Certificate Authority (CA). They still enable encrypted transport, but no third party vouches for the subject's identity: a relying party must obtain and trust the certificate out of band, and browsers warn on them, which makes them a poor fit for public-facing services. They are fine for lab and internal use, and every PKI's root certificate is itself self-signed.

A

Self-Signed Digital Certificates

2
Q

A digital certificate used to authenticate the identity of a client (e.g., a user or device) to a server. It is the client-side half of mutual TLS (mTLS), where both parties present certificates and each verifies the other's against a CA it trusts.

Example: A VPN client presents this type of certificate to the VPN server, which validates it against its trusted CA before granting access.

A

Client Certificate

3
Q

A digital certificate for which the CA performs rigorous vetting of the requesting organization's legal identity (per the CA/Browser Forum EV guidelines) before issuance. Browsers historically showed the verified organization name in the address bar; the major browsers removed that indicator in 2019, so EV now means stronger identity vetting recorded in the certificate, not a distinct browser UI and not stronger encryption.

Example: An e-commerce website obtains this certificate so that its verified legal name is recorded in the certificate's subject (and, in older browsers, shown in the address bar) as evidence of legitimacy.

A

Extended Validation (EV) Certificate

4
Q

A digital certificate issued to a server to enable secure communication, such as HTTPS. It binds the server's DNS name(s) to its public key so that clients can authenticate the server and then negotiate an encrypted session with it.

Example: A web server hosting an online store uses this certificate to secure customer data during transactions.

A

Server Certificate

5
Q

A type of SSL/TLS certificate that secures a domain's subdomains with a single certificate, using a wildcard character (*) as the leftmost label of the name. The wildcard matches exactly one label: *.example.com covers www.example.com but not example.com itself or a.b.example.com. Because every host that serves the certificate holds the same private key, a compromise of one host exposes all of them.

Example: This certificate for *.example.com secures www.example.com, mail.example.com, and blog.example.com (the bare example.com must be listed separately as a Subject Alternative Name).

A

Wildcard Certificate

6
Q

Digital certificates issued by a trusted Certificate Authority (CA) to authenticate the identity of an organization or individual and establish secure communication. They are widely trusted because they are validated by a recognized third-party authority.

Example: A business uses this kind of certificate from a publicly trusted CA such as DigiCert to secure its website and enable HTTPS.

A

Third-Party Digital Certificate

7
Q

A foundational component in a security architecture whose own integrity is assumed rather than verified, and from which every later integrity check or signature verification derives its trust. It is typically implemented in hardware (immutable boot ROM, a TPM, or a secure element) so that the software it later measures cannot modify it, and it protects the keys used to verify firmware and software.

Example: A Trusted Platform Module (TPM) serves as this, protecting the keys used for secure boot and disk encryption and recording boot measurements.

A

Root of Trust

8
Q

The framework used to establish, manage, and validate trust relationships in a Public Key Infrastructure (PKI). It defines how Certificate Authorities (CAs), users, and certificates interact to ensure secure communication.

A

PKI Trust Model

9
Q

A simple PKI model in which a single Certificate Authority (CA) issues every certificate directly. It is easy to manage, but the one CA key is a single point of failure: it must be online to issue, and if it is compromised or lost, every certificate it issued has to be replaced.

Example: A small organization uses this to issue certificates for internal systems.

A

Single Certificate Authority (CA) Model - PKI Trust Model

10
Q

A PKI model with a root CA at the top that certifies intermediate CAs, which in turn issue end-entity certificates. This improves scalability and security: the root key is used only to sign intermediates and can be kept offline, and a compromised intermediate can be revoked and replaced without re-establishing trust in the root.

Example: A corporate PKI in which the offline root certifies several intermediate CAs and day-to-day certificate issuance is delegated to them.

A

Hierarchical Model

11
Q

A decentralized PKI model in which multiple CAs cross-certify each other: each CA issues a certificate for the other CA's public key, so a relying party anchored on one CA can build a path to certificates issued by the other. Full cross-certification among n CAs needs n(n-1) cross-certificates, which is the overhead the bridge model reduces.

Example: Two companies with separate CAs cross-certify each other's CA keys so that certificates from either CA are trusted during a collaboration.

A

Mesh model (cross-certifying CAs)

12
Q

A decentralized trust model with no central CA: every participant is their own trust anchor and signs the keys of people whose identity they have verified. Trust in an unknown key is derived from signatures by keys one already trusts (introducers).

Example: PGP email encryption relies on this model, where individuals manually verify and sign others' keys.

A

Web of Trust Model

13
Q

The ordered sequence of certificates from an end-entity certificate through zero or more intermediate CA certificates up to a root CA certificate, where each certificate is signed by the key of the next one up. A relying party validates by checking each signature and each certificate's constraints (validity period, CA flag, path length, name) until it reaches a root in its own trust store; a chain that does not end at a trusted root is rejected.

Example: A browser validates a website's server certificate by following its issuer links through the intermediate CA to a root CA in the browser's trust store.

A

Chain of Trust Model

14
Q

A trust model that connects separate PKI infrastructures through a single "Bridge CA" to facilitate interoperability. The Bridge CA cross-certifies with each participating PKI, so each participant needs only one pair of cross-certificates instead of one with every other PKI.

Example: Government agencies with independent PKIs use this model to trust each other's certificates; the U.S. Federal Bridge CA is the well-known instance.

A

Bridge Model
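Worked example for the mesh (card 11) and bridge (card 14) cards. This is an added script, not part of the original flashcards, and it uses the OpenSSL command line rather than any product's tooling. It creates two independent CAs, "Example A" and "Example B" (made-up names), and shows that a relying party whose only trust anchor is A's root rejects a certificate issued by B until A has issued a cross-certificate over B's CA key; with that cross-certificate available as an untrusted helper, path validation succeeds. A bridge CA does exactly this in both directions with every member PKI. It assumes OpenSSL 1.1.1 or newer on PATH.

```shell
#!/bin/sh
# Added example, not part of the original flashcards: cross-certification
# between two independent CAs ("Example A" and "Example B") with the OpenSSL
# CLI. A relying party that trusts only A's root can validate a certificate
# issued by B once A has issued a cross-certificate over B's CA public key,
# which is the mechanism behind both the mesh and the bridge model.
# Assumes OpenSSL 1.1.1 or newer on PATH; all names and DNs are made up.

EC_KEY="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes"
CA_EXT="basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign"

build_cross_certified_pkis() {  # $1 = working directory
    # Minimal req config so results do not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$1/req.cnf"
    printf '%s\n' "$CA_EXT" > "$1/ca.ext"
    # Root A: self-signed; the relying party's only trust anchor in this demo.
    openssl req -x509 -new -config "$1/req.cnf" $EC_KEY -days 30 \
        -keyout "$1/a.key" -out "$1/a_root.pem" -subj "/O=Example A/CN=Example A Root CA" \
        -addext "basicConstraints=critical,CA:TRUE" \
        -addext "keyUsage=critical,keyCertSign,cRLSign" 2>/dev/null
    # CA B: one key pair and one CSR, from which two certificates are issued.
    openssl req -new -config "$1/req.cnf" $EC_KEY \
        -keyout "$1/b.key" -out "$1/b.csr" -subj "/O=Example B/CN=Example B Root CA" 2>/dev/null
    # (1) B's own self-signed root certificate, as B's own community sees it.
    openssl x509 -req -in "$1/b.csr" -signkey "$1/b.key" -days 30 \
        -extfile "$1/ca.ext" -out "$1/b_root.pem" 2>/dev/null
    # (2) The cross-certificate: same subject and public key as b_root.pem,
    #     but issued and signed by A. Issuing it is A's act of trusting B.
    openssl x509 -req -in "$1/b.csr" -CA "$1/a_root.pem" -CAkey "$1/a.key" -CAcreateserial \
        -days 30 -extfile "$1/ca.ext" -out "$1/b_cross_by_a.pem" 2>/dev/null
    # A server certificate issued by B in the ordinary way.
    openssl req -new -config "$1/req.cnf" $EC_KEY \
        -keyout "$1/srv.key" -out "$1/srv.csr" -subj "/O=Example B/CN=srv.example-b.test" 2>/dev/null
    printf 'basicConstraints=critical,CA:FALSE\nsubjectAltName=DNS:srv.example-b.test\n' > "$1/srv.ext"
    openssl x509 -req -in "$1/srv.csr" -CA "$1/b_root.pem" -CAkey "$1/b.key" -CAcreateserial \
        -days 30 -extfile "$1/srv.ext" -out "$1/srv.pem" 2>/dev/null
}

# Returns 0 if certificate $2 validates with $1 as the only trust anchor.
# $3 = a file of untrusted certificates the path builder may use (or "").
validates_with_anchor() {
    if [ -n "$3" ]; then
        openssl verify -no-CApath -no-CAfile -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -no-CApath -no-CAfile -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

# Stand-alone run: build both PKIs in a temp dir and report the three cases.
demo() {
    w=$(mktemp -d)
    build_cross_certified_pkis "$w"
    validates_with_anchor "$w/b_root.pem" "$w/srv.pem" "" && echo "B-anchored client accepts B's leaf"
    validates_with_anchor "$w/a_root.pem" "$w/srv.pem" "" || echo "A-anchored client rejects B's leaf: no path to A"
    validates_with_anchor "$w/a_root.pem" "$w/srv.pem" "$w/b_cross_by_a.pem" \
        && echo "A-anchored client accepts B's leaf via A's cross-certificate"
    rm -rf "$w"
}
demo
```

The cross-certificate is what a mesh or bridge distributes: it is a CA certificate whose subject and public key belong to B but whose issuer is A, so a path from B's end-entity certificate can end at A's root. Note that the relying party never adds B's root to its trust store; it only needs the cross-certificate available during path building (typically sent by the server or fetched from the AIA URL).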

15
Q

A PKI model that combines features of the hierarchical, mesh, and bridge models to meet complex organizational needs, trading simplicity for scalability, redundancy, and flexibility.

Example: A multinational company uses this model to integrate regional hierarchical PKIs with a mesh model for inter-region trust.

A

Hybrid Model

16
Q

A globally unique identifier, written in dotted-decimal form, used in PKI to name attributes, policies, extensions, and algorithms in digital certificates.

Example: 2.5.4.3 is the commonName attribute, and 1.3.6.1.5.5.7.3.1 is the serverAuth extended key usage.

A

OID - Object Identifier

17
Q

A file (normally in PKCS #10 format) created by an applicant to request a digital certificate from a CA. It contains the applicant's public key and the identifying information to be included in the certificate, and it is signed with the applicant's private key so the CA can check proof of possession; the private key itself never leaves the applicant.

A

CSR - Certificate Signing Request

18
Q

A string that uniquely identifies an entity in a digital certificate, built from attributes such as common name (CN), organization (O), organizational unit (OU), locality (L), state (ST), and country (C).

Example: CN=example.com, O=Example Corp, C=US is the subject DN of a server certificate; the issuer is named in the same form.

A

DN - Distinguished Name

19
Q

A signed list published by a CA of the serial numbers of certificates it has revoked before their expiration date, with the revocation date and optionally a reason for each. Clients download it from the CRL distribution point named in the certificate; a CRL is only as fresh as its last publication, and OCSP is the per-certificate alternative.

Example: A revoked client certificate appears on this list, so a server that checks it rejects the client's TLS handshake.

A

CRL - Certificate Revocation List

20
Q

The self-signed certificate of the root Certificate Authority (CA), which is the trust anchor of a PKI hierarchy: it is installed in trust stores out of band rather than verified through any other certificate. Its private key signs intermediate CA certificates (and, in a single-CA PKI, end-entity certificates) and is normally kept offline, since its compromise invalidates the entire hierarchy.

A

Root Signing Certificate

21
Q

An X.509 extension that lists the names a certificate is valid for (DNS names, IP addresses, email addresses, URIs), which is how a single certificate can secure multiple domain names or IP addresses. Modern browsers match the server's hostname against this extension and ignore the Common Name.

A

Subject Alternative Name (SAN)
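Worked example for the self-signed (card 1), wildcard (card 5), hierarchical (card 10), chain of trust (card 13), CSR (card 17), root signing (card 20) and SAN (card 21) cards. This is an added script, not part of the original flashcards, and it uses the OpenSSL command line rather than any product's tooling. It builds a three-tier hierarchy (self-signed root, intermediate, server leaf) from CSRs, verifies a CSR's proof-of-possession signature, then uses `openssl verify` to show that the leaf validates only when the intermediate is supplied, that an intermediate alone is not a trust anchor, that a self-signed certificate for the same name is rejected, and that a SAN of `*.example.com` plus `example.com` matches `www.example.com` and `example.com` but not `a.b.example.com`. All names and DNs are made up; it assumes OpenSSL 1.1.1 or newer on PATH.

```shell
#!/bin/sh
# Added example (not from the original flashcards): a minimal three-tier PKI
# built with the OpenSSL CLI (self-signed root -> intermediate -> server leaf),
# followed by chain validation and SAN/wildcard hostname checks with
# `openssl verify`. Assumes OpenSSL 1.1.1 or newer on PATH; every name and DN
# below is made up for the demo.

EC_KEY="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes"

# Minimal req config so results do not depend on the system openssl.cnf.
write_req_config() { printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$1/req.cnf"; }

# Key pair + CSR for one subject. The CSR is signed with the applicant's own
# private key (proof of possession); the private key never leaves the applicant.
make_csr() {  # $1 = dir, $2 = basename, $3 = subject DN
    openssl req -new -config "$1/req.cnf" $EC_KEY \
        -keyout "$1/$2.key" -out "$1/$2.csr" -subj "$3" 2>/dev/null
}

# Sign a CSR with a CA's key. The CA, not the CSR, decides which extensions
# land in the certificate, which is why they come from an extfile here.
sign_csr() {  # $1 = dir, $2 = csr basename, $3 = CA basename, $4 = extension lines
    printf '%s\n' "$4" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -days 30 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

build_demo_pki() {  # $1 = working directory
    write_req_config "$1"
    # Root: self-signed (issuer == subject). Nothing vouches for it, so relying
    # parties must install it as a trust anchor out of band.
    openssl req -x509 -new -config "$1/req.cnf" $EC_KEY -days 30 \
        -keyout "$1/root.key" -out "$1/root.pem" \
        -subj "/O=Example Corp/CN=Example Root CA" \
        -addext "basicConstraints=critical,CA:TRUE" \
        -addext "keyUsage=critical,keyCertSign,cRLSign" 2>/dev/null
    # Intermediate: certified by the root; pathlen:0 forbids further sub-CAs.
    make_csr "$1" int "/O=Example Corp/CN=Example Issuing CA"
    sign_csr "$1" int root "basicConstraints=critical,CA:TRUE,pathlen:0
keyUsage=critical,keyCertSign,cRLSign"
    # Server leaf: certified by the intermediate. The SAN carries a wildcard
    # plus the bare apex, because *.example.com does not cover example.com.
    make_csr "$1" leaf "/O=Example Corp/CN=www.example.com"
    sign_csr "$1" leaf int "basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=serverAuth
subjectAltName=DNS:*.example.com,DNS:example.com"
    # Self-signed leaf for the same name: it can encrypt, but no CA vouches for it.
    openssl req -x509 -new -config "$1/req.cnf" $EC_KEY -days 30 \
        -keyout "$1/selfsigned.key" -out "$1/selfsigned.pem" \
        -subj "/CN=www.example.com" -addext "basicConstraints=critical,CA:FALSE" \
        -addext "subjectAltName=DNS:www.example.com" 2>/dev/null
}

# Returns 0 if the CSR's self-signature verifies with the public key it contains.
verify_csr() {
    openssl req -config "$(dirname "$1")/req.cnf" -in "$1" -noout -verify >/dev/null 2>&1
}

# Returns 0 if leaf $2 chains to trust anchor $1. $3 = file of untrusted
# intermediates (or ""), $4 = hostname to match against the leaf's SAN (or "").
verify_chain() {
    anchor=$1; leaf=$2; inter=$3; host=$4
    set -- -no-CApath -no-CAfile -CAfile "$anchor"
    [ -n "$inter" ] && set -- "$@" -untrusted "$inter"
    [ -n "$host" ] && set -- "$@" -verify_hostname "$host"
    openssl verify "$@" "$leaf" >/dev/null 2>&1
}

# Stand-alone run: build the hierarchy in a temp dir and report each check.
report() { if "$@"; then echo "ok   $*"; else echo "FAIL $*"; fi; }
demo() {
    w=$(mktemp -d)
    build_demo_pki "$w"
    report verify_csr "$w/leaf.csr"
    report verify_chain "$w/root.pem" "$w/leaf.pem" "$w/int.pem" www.example.com
    report verify_chain "$w/root.pem" "$w/leaf.pem" "$w/int.pem" example.com
    report verify_chain "$w/root.pem" "$w/leaf.pem" "$w/int.pem" a.b.example.com  # wildcard covers one label
    report verify_chain "$w/root.pem" "$w/leaf.pem" "" ""                          # intermediate not supplied
    report verify_chain "$w/int.pem" "$w/leaf.pem" "" ""                           # intermediate is not an anchor
    report verify_chain "$w/root.pem" "$w/selfsigned.pem" "" ""                    # nobody vouches for it
    rm -rf "$w"
}
demo
```

Two details are worth noticing when running it. The leaf's SAN is set in the extfile passed to `openssl x509`, not in the CSR: a CA decides what names it certifies, so a CSR that asks for extra names gets nothing unless the CA copies them. And the hostname checks only consult the SAN; the leaf's CN of www.example.com plays no part, which is the behaviour browsers have had since they dropped CN matching.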

22
Q

A 128-bit value, also called a UUID, used to uniquely identify objects, entities, or records across systems and applications. It is written as 32 hexadecimal digits in five hyphen-separated groups, and its uniqueness comes from random generation (version 4) or time-and-node inputs rather than from a central registry. It is an identifier, not a secret: a GUID alone should not serve as an access token.

Example: 550e8400-e29b-41d4-a716-446655440000 is a typical example used to identify a database record or software component.

A

GUID - Globally Unique Identifier

23
Q

Refers to IT systems, software, or services used within an organization without the approval or oversight of the IT department. Employees often use this to increase productivity but it can lead to security risks and compliance issues.

Example: An employee using a personal cloud storage service like Dropbox instead of the organization’s sanctioned file-sharing platform.

A

Shadow IT

24
Q

A government-sponsored actor that conducts cyberattacks to further national interests, such as espionage, cyber warfare, or intellectual property theft.

Example: A state-sponsored group engaging in cyber espionage to steal sensitive military or political data.

A

Nation-State

25
Q

An individual with limited technical knowledge who relies on automated tools or basic attack methods to exploit vulnerabilities, often for financial gain or notoriety.

Example: A script kiddie using pre-written malware to deface a website.

A

Unskilled Attacker

26
Q

A person or group using hacking techniques to promote political, social, or environmental causes, often targeting government or corporate systems to make a statement.

Example: A group hacking government websites to protest human rights violations.

A

Hacktivist

27
Q

A current or former employee, contractor, or business partner who has access to an organization’s systems and uses that access for malicious purposes, such as data theft or sabotage.

Example: An employee stealing sensitive company data for personal gain or to sell to competitors.

A

Insider Threat

28
Q

Criminal organizations that engage in sophisticated, coordinated cybercriminal activities, often targeting businesses or individuals for financial gain through activities like ransomware, fraud, and identity theft.

Example: A cybercriminal gang running a global ransomware operation targeting large corporations.

A

Organized Crime