ch 4

Question 1

define key strength

Answer 1

primary characteristics that determine the resiliency of the key to attacks, randomness, length of key, crypto period.

Question 2

what are the different block cypher modes

Answer 2

(ECB) Electronic code book
(CBC) cipher block chaining
(CTR) Counter
(GCM) Galois/counter

Question 3

Block cypher mode that each possible block of plaintext has a defined corresponding ciphertext value and vise versa

Answer 3

(ECB) electronic code book

Question 4

block cipher mode in which a sequence of bits are encrypted as a single unit or blocked with a cipher key applied to the entire block.

Answer 4

(CBC)cipher block chaining

Question 5

block cipher mode in which value that is encrypted and given as input to XOR with plaintext which results in cyphertext block

Answer 5

(CTR) Counter

Question 6

Symmetric key that provides both privacy and integrity encryption

Answer 6

(GCM) Galois/ Counter

Question 7

Generates keys, provides key storage’s implements cryptographic algorithms. can be implemented in software or hardware

Answer 7

Crypto service provider

Question 8

a value that can be used to ensure that plaintext when hashed, will not consistently result in the same digest.

Answer 8

salt

Question 9

input value that must be unique with some specified scope

Answer 9

Nonce

Question 10

arbitrary number that can be used along with a secret key for data encryption

Answer 10

(IV) Initializing Vector

Question 11

used to prove a document originated from a valid sender. they only show the private key of the sender was used to encrypt the digital sender.

Answer 11

digital certificates

Question 12

used to help solve the problem of verifying identity

Answer 12

trusted third party

Question 13

associated a users identity to a public key

Answer 13

digital certificate

Question 14

responsible for digital certificates

Answer 14

(CA) Certificate authority

Question 15

also known as a (CSR) Certificate signing request.

Answer 15

digital certificate

Question 16

what is the process for the CSR

Answer 16

user signs the CSR then sends it to the intermediate CA, intermediate CA verifies the CSR and authenticity. intermediate CA’s process the certificates request, verifies the identity of the individual.

Question 17

what do you do to ensure the integrity of a Root CA (the beginning stage of a certificate)

Answer 17

keep it offline from the network

Question 18

publicly accessible centralized directory of digital certificates can be managed locally by a storage are connected to the CA server

Answer 18

(CR) Certificate Repository

Question 19

cert is no longer in use details have changed and the private key lost or stolen cert has been revoked

Answer 19

certificate revocation

Question 20

cert serial numbers that have been revoked

Answer 20

(CRL) certification revocation list

Question 21

performs real time lookup of the certificate status, called a request response protocol

Answer 21

(OCSP) Online certificate status protocol

Question 22

OCSP where web servers send queries to the OCSP responder server at regular intervals to receive a signal time stamped response.

Answer 22

OCSP stapling

Question 23

what are the common digital certs

Answer 23

Root cert, domain certs, hardware and software certs

Question 24

the process of verifying a digital certificate

Answer 24

certificate chaining

Question 25

endpoint of the chain of certificate chaining

Answer 25

user digital certificate

Question 26

the beginning of the chain of certificate chaining

Answer 26

root digital certificate

Question 27

performs two primary functions: authenticity of the web server to the client, authenticity of the cryptographic connection to web servers.

Answer 27

domain digital certificates

Question 28

Verifies the identity of the entity that has control over the domain name.

Answer 28

domain validation

Question 29

requires more extensive verification of the legitimacy of the business.

Answer 29

(EV) extended validation

Question 30

used to validate a main domain along with subdomains.

Answer 30

wildcard

Question 31

also known as a unified communications certificate, primarily used for Microsoft exchange servers or unified communications.

Answer 31

(SAN) Subject alternative name

Question 32

division that defines the most widely accepted digital certs

Answer 32

(ITU) Telecommunications Standardization Sector

Question 33

what is the standard certificate

Answer 33

x.509

Question 34

what does BER stand for

Answer 34

basic encoding rules

Question 35

what does CER stand for

Answer 35

cononical encoding rules

Question 36

what does DER stand for

Answer 36

Distinguished encoding rules

Question 37

framework for all entities involved in digital certs

Answer 37

(PKI) Public key Infrastructure

Question 38

what doe the cert management facilitate by PKI

Answer 38

create/ store/ distribute/ revoke

Question 39

confidence or reliance

Answer 39

trust

Question 40

trust relationship between individual and entities

Answer 40

trust model

Question 41

trust model where one person knows the other person

Answer 41

direct trust

Question 42

two individuals trust each other because of the trust of a third party

Answer 42

third party trust

Question 43

assign a single hierarchy with one master CA called the Root.

Answer 43

Hierarchical trust model

Question 44

A single CA private key could be compromised. could also create a significant backlog

Answer 44

trust model limitations

Question 45

multiple CA’s sign digital certificates

Answer 45

Distributed trust model

Question 46

One CA acts as a facilitator to interconnect connect all other CA’s

Answer 46

bridge trust model

Question 47

governs operations of a PKI

Answer 47

certificate policy (CP)

Question 48

technical document in detail on how the CA uses and manages certs

Answer 48

(CPS) Certificate practice statement

Question 49

occurs after user is positively identified

Answer 49

creation

Question 50

may occur when employee is on a leave of absence

Answer 50

suspension

Question 51

cert is no longer valid

Answer 51

revocation

Question 52

key can no longer be used

Answer 52

expiration

Question 53

public key storage embedded within digital certs, private key on users local system

Answer 53

key management

Question 54

removes all public and private keys and the users identification from the CA.

Answer 54

destruction

Question 55

uses AES, developed by netscape, most common transport algorithms

Answer 55

(SSL) Secure Socket Layer

Question 56

SSLv.3 served as the basis for TLS v1.0, current version is TLS v1.2

Answer 56

(TLS) Transport Layer Security

Question 57

named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with SSL and TLS

Answer 57

Cipher suite

Question 58

determined by overall security

Answer 58

length of keys

Question 59

it is a LINUX/UNIX based command interface and protocol. used to access remote computers, can be used for a tool for secure network backups.

Answer 59

(SSH) Secure Shell

Question 60

Common use of TSL and SSL, The secure version is actually “PLAIN” HTTP sent over SSL or TLS. Uses port 443 instead of HTTP’s port 80.

Answer 60

(HTTPS) Hypertext Transport Protocol Secure

Question 61

Secures email messages/ as well as digitally signed email messages.

Answer 61

(S/MIME) Secure/ Multipurpose Internet Main Extensions

Question 62

Provides protection for Voice over IP (VoIP). Adds security features such as messages authentication and confidentiality for VoIP Communications.

Answer 62

(SRTP) Secure Real-Time Transport Protocol

Question 63

Considered to be transparent security protocol, Provides three areas of protection, Authentication, Confidentiality, Key Management. Supports two encryption modes.

Answer 63

(IPsec) IP security

Question 64

Encrypts only the data portion of the packet.

Answer 64

Transport

Question 65

Encrypts both the header and the data portion.

Answer 65

Tunnel