Ch. 6 Flashcards
A trust model with one CA that acts as a facilitator to interconnect all other CAs
bridge trust model
A trusted third-party agency that is responsible for issuing digital certificates
Certificate Authority (CA)
A publicly accessible directory of digital certificates that can be used to view the status of a digital certificate
Certificate Repository (CR)
A repository that lists revoked digital certificates
Certificate Revocation List (CRL)
A specially formatted encrypted message that validates the information the CA requires to issue a digital certificate
Certificate Signing Request (CSR)
A named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with SSL and TLS
cipher suite
A technology used to associate a user’s identity to a public key, in which the user’s public key is digitally signed by a trusted third party
digital certificate
A type of trust model in which a relationship exists between two individuals because one person knows the other person
direct trust
A trust model that has multiple CAs that sign digital certificates
distributed trust model
A trust model that has a single hierarchy with one master CA
hierarchical trust model
A secure version of HTTP sent over SSL or TLS
Hypertext Transport Protocol Security (HTTPS)
A set of protocols developed to support the secure exchange of packets between hosts or networks
Internet Protocol Security (IPsec)
A process in which keys are managed by a third party, such as a trusted CA
key escrow
A highly trusted person responsible for recovering lost or damaged digital certificates
key recovery agent (KRA)
A protocol that performs a real-time lookup of a certificate’s status
Online Certificate Status Protocol (OCSP)
A framework for managing all of the entities involved in creating, storing, distributing, and revoking digital certificates
public key infrastructure (PKI)
A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users
Registration Authority (RA)
A Linux/UNIX-based command interface and protocol for securely accessing a remote computer
Secure Shell (SSH)
A protocol originally developed by Netscape for securely accessing a remote computer
Secure Sockets Layer (SSL)
Symmetric keys to encrypt and decrypt information exchanged during a handshake session between a web browser and web server
session keys
A trust model in which two individuals trust each other because each individually trusts a third party
third-party trust
A protocol that is more secure than SSL and guarantees privacy and data integrity between applications
Transport Layer Security (TLS)
The type of trust relationship that can exist between individuals or entities
trust model
A ____ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate.
a. Certificate Signing Request (CSR)
b. digital digest
c. FQDN form
d. digital certificate
a
______ performs a real-time lookup of a digital certificate’s status.
a. Certificate Revocation List (CRL)
b. Online Certificate Status Protocol (OCSP)
c. CA Registry Database (CARD)
d. Real-Time CA Verification (RTCAV)
b
______ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.
a. Session keys
b. Encrypted signatures
c. Digital digests
d. Digital certificates
a
Which of these is considered the weakest cryptographic transport protocol?
a. SSL v2.0
b. TLS v1.0
c. TLS v1.1
d. TLS v1.3
a
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _______.
a. digital signature
b. encrypted signature
c. digital certificate
d. digest
c
A digital certificate associates ______.
a. a user’s private key with the public key
b. a private key with a digital signature
c. a user’s public key with his private key
d. the user’s identity with his public key
d
Digital certificates can be used for each of these EXCEPT _______.
a. to encrypt channels to provide secure communication between clients and servers
b. to verify the identity of clients and servers on the Web
c. to verify the authenticity of the Registration Authorizer
d. to encrypt messages for secure email communications
c
An entity that issues digital certificates is a ______.
a. Certificate Authority (CA)
b. Signature Authority (SA)
c. Certificate Signatory (CS)
d. Digital Signer (DS)
a
A centralized directory of digital certificates is called a(n) ______.
a. Digital Signature Approval List (DSAP)
b. Certificate Repository (CR)
c. Authorized Digital Signature (ADS)
d. Digital Signature Permitted Authorization (DSPA)
b
In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) _______ would be used.
a. web digital certificate
b. email web certificate
c. server digital certificate
d. personal digital certificate
c
A digital certificate that turns the address bar green is a(n) ______.
a. Personal Web-Client Certificate
b. Advanced Web Server Certificate (AWSC)
c. X.509 Certificate
d. Extended Validation SSL Certificate
d
The ______-party trust model supports CA.
a. first
b. second
c. third
d. fourth
c
Public Key Cryptography Standards (PKCS) ______.
a. are widely accepted in the industry
b. are used to create public keys only
c. define how hashing algorithms are created
d. have been replaced by PKI
a
Which statement is NOT true regarding hierarchical trust models?
a. The root signs all digital certificate authorities with a single key.
b. It assigns a single hierarchy with one master CA.
c. It is designed for use on a large scale.
d. The master CA is called the root.
c
Which of these is NOT where keys can be stored?
a. in tokens
b. in digests
c. on the user’s local system
d. embedded in digital certificates
b
Public key infrastructure (PKI) _______.
a. creates private key cryptography
b. is the management of digital certificates
c. requires the use of an RA instead of a CA
d. generates public/private keys automatically
b
A(n) ______ is a published set of rules that govern the operation of a PKI.
a. enforcement certificate (EF)
b. certificate practice statement (CPS)
c. certificate policy (CP)
d. signature resource guide (SRG)
c
Which of these is NOT part of the certificate life cycle?
a. revocation
b. authorization
c. creation
d. expiration
b
_______ refers to a situation in which keys are managed by a third party, such as a trusted CA.
a. Key escrow
b. Remote key administration
c. Trusted key authority
d. Key authorization
a
_______ is a protocol for securely accessing a remote computer.
a. Secure Shell (SSH)
b. Secure Sockets Layer (SSL)
c. Secure Hypertext Transport Protocol (SHTTP)
d. Transport Layer Security (TLS)
a