Ch. 6

Question 1

A trust model with one CA that acts as a facilitator to interconnect all other CAs

Answer 1

bridge trust model

Question 2

A trusted third-party agency that is responsible for issuing digital certificates

Answer 2

Certificate Authority (CA)

Question 3

A publicly accessible directory of digital certificates that can be used to view the status of a digital certificate

Answer 3

Certificate Repository (CR)

Question 4

A repository that lists revoked digital certificates

Answer 4

Certificate Revocation List (CRL)

Question 5

A specially formatted encrypted message that validates the information the CA requires to issue a digital certificate

Answer 5

Certificate Signing Request (CSR)

Question 6

A named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with SSL and TLS

Answer 6

cipher suite

Question 7

A technology used to associate a user’s identity to a public key, in which the user’s public key is digitally signed by a trusted third party

Answer 7

digital certificate

Question 8

A type of trust model in which a relationship exists between two individuals because one person knows the other person

Answer 8

direct trust

Question 9

A trust model that has multiple CAs that sign digital certificates

Answer 9

distributed trust model

Question 10

A trust model that has a single hierarchy with one master CA

Answer 10

hierarchical trust model

Question 11

A secure version of HTTP sent over SSL or TLS

Answer 11

Hypertext Transport Protocol Security (HTTPS)

Question 12

A set of protocols developed to support the secure exchange of packets between hosts or networks

Answer 12

Internet Protocol Security (IPsec)

Question 13

A process in which keys are managed by a third party, such as a trusted CA

Answer 13

key escrow

Question 14

A highly trusted person responsible for recovering lost or damaged digital certificates

Answer 14

key recovery agent (KRA)

Question 15

A protocol that performs a real-time lookup of a certificate’s status

Answer 15

Online Certificate Status Protocol (OCSP)

Question 16

A framework for managing all of the entities involved in creating, storing, distributing, and revoking digital certificates

Answer 16

public key infrastructure (PKI)

Question 17

A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users

Answer 17

Registration Authority (RA)

Question 18

A Linux/UNIX-based command interface and protocol for securely accessing a remote computer

Answer 18

Secure Shell (SSH)

Question 19

A protocol originally developed by Netscape for securely accessing a remote computer

Answer 19

Secure Sockets Layer (SSL)

Question 20

Symmetric keys to encrypt and decrypt information exchanged during a handshake session between a web browser and web server

Answer 20

session keys

Question 21

A trust model in which two individuals trust each other because each individually trusts a third party

Answer 21

third-party trust

Question 22

A protocol that is more secure than SSL and guarantees privacy and data integrity between applications

Answer 22

Transport Layer Security (TLS)

Question 23

The type of trust relationship that can exist between individuals or entities

Answer 23

trust model

Question 24

A ____ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate.

a. Certificate Signing Request (CSR)
b. digital digest
c. FQDN form
d. digital certificate

Answer 24

a

Question 25

______ performs a real-time lookup of a digital certificate’s status.

a. Certificate Revocation List (CRL)
b. Online Certificate Status Protocol (OCSP)
c. CA Registry Database (CARD)
d. Real-Time CA Verification (RTCAV)

Answer 25

b

Question 26

______ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.

a. Session keys
b. Encrypted signatures
c. Digital digests
d. Digital certificates

Answer 26

a

Question 27

Which of these is considered the weakest cryptographic transport protocol?

a. SSL v2.0
b. TLS v1.0
c. TSL v.1.1
d. TSL v1.3

Answer 27

a

Question 28

The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _______.

a. digital signature
b. encrypted signature
c. digital certificate
d. digest

Answer 28

c

Question 29

A digital certificate associates ______.

a. a user’s private key with the public key
b. a private key with a digital signature
c. a user’s public key with his private key
d. the user’s identity with his public key

Answer 29

d

Question 30

Digital certificates can be used for each of these EXCEPT _______.

a. to encrypt channels to provide secure communication between clients and servers
b. to verify the identity of clients and servers on the Web
c. to verify the authenticity of the Registration Authorizer
d. to encrypt messages for secure email communications

Answer 30

c

Question 31

An entity that issues digital certificates is a ______.

a. Certificate Authority (CA)
b. Signature Authority (SA)
c. Certificate Signatory (CS)
d. Digital Signer (DS)

Answer 31

a

Question 32

A centralized directory of digital certificates is called a (n)______.

a. Digital Signature Approval List (DSAP)
b. Certificate Repository (CR)
c. Authorized Digital Signature (ADS)
d. Digital Signature Permitted Authorization (DSPA)

Answer 32

b

Question 33

In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) _______ would be used.

a. web digital certificate
b. email web certificate
c. server digital certificate
d. personal digital certificate

Answer 33

c

Question 34

A digital certificate that turns the address bar green is a (n)______.

a. Personal Web-Client Certificate
b. Advanced Web Server Certificate (AWSC)
c. X.509 Certificate
d. Extended Validation SSL Certificate

Answer 34

d

Question 35

The ______-party rust model supports CA.

a. first
b. second
c. third
d. fourth

Answer 35

c

Question 36

Public Key Cryptography Standards (PKCS) ______.

a. are widely accepted in the industry
b. are used to create public keys only
c. define how hashing algorithms are created
d. have been replaced by PKI

Answer 36

a

Question 37

Which statement is NOT true regarding hierarchical trust models?

a. The root signs all digital certificate authorities with a single key.
b. It assigns a single hierarchy with one master CA
c. It is designed for use on a large scale.
d. The master CA is called the root

Answer 37

c

Question 38

Which of these is NOT where keys can be stored?

a. in tokens
b. in digests
c. on the user’s local system
d. embedded in digital certificates

Answer 38

b

Question 39

Public key infrastructure (PKI)_______.

a. creates private key cryptography
b. is the management of digital certificates
c. requires the use of an RA instead of a CA
d. generates public/private keys automatically

Answer 39

b

Question 40

A(n)______ is a published set of rules that govern the operation of a PKI.

a. enforcement certificate (EF)
b. certificate practice statement (CPS)
c. certificate policy (CP)
d. signature resource guide (SRG)

Answer 40

c

Question 41

Which of these is NOT part of the certificate life cycle?

a. revocation
b. authorization
c. creation
d. expiration

Answer 41

b

Question 42

_______ refers to a situation in which keys are managed by a third party, such as a trusted CA.

a. Key escrow
b. Remote key administration
c. Trusted key authority
d. Key authorization

Answer 42

a

Question 43

_______ is a protocol for securely accessing a remote computer.

a. Secure Shell (SSH)
b. Secure Sockets Layer (SSL)
c. Secure Hypertext Transport Protocol (SHTTP)
d. Transport Layer Security (TLS)

Answer 43

a