CH26 Public Key Infrastructure Flashcards

1
Q

Assuming that Dion Training trusts Thor Teaches, and Thor Teaches trusts Udemy, then we can assume Dion Training also trusts Udemy. What concept of PKI does the previous statement represent?

a. Domain level trust
b. Certificate authority trust
c. Public key trust
d. Transitive trust

A

d. Transitive trust

Transitive trust occurs when X trusts Y, and Y trusts Z, therefore X trusts Z. This is because the trust flows from the first party (Dion Training) through the second party (Thor Teaches) to the third party (Udemy).

2
Q

You just received an email from Bob, your investment banker, stating that he completed the wire transfer of $10,000 to your bank account in Vietnam. The problem is, you do not have a bank account in Vietnam, so you immediately call Bob to ask what happened. Bob explains that he received an email from you requesting the transfer. You insist you never sent that email to Bob initiating this wire transfer. What aspect of PKI could be used to BEST ensure that a sender actually sent a particular email message and avoid this type of situation?

a. CRL
b. Trust models
c. Recovery agents
d. Non-repudiation

A

d. Non-repudiation

Non-repudiation occurs when a sender cannot claim they didn’t send an email when they did. A digital signature should be attached to each email sent to achieve non-repudiation. This digital signature is created by computing a digital hash of the email’s contents and then encrypting that hash using the sender’s private key. The receiver can then decrypt the digital hash using the sender’s public key to verify the integrity of the message.

3
Q

The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server’s certificate?

a. OCSP
b. CSR
d. Key escrow
e. CRL

A

b. CSR

A CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate.

Key escrow stores keys.
A CRL is a list of revoked certificates.
OCSP provides the validity status of a certificate, such as good, revoked, or unknown.

4
Q

Why would a company want to utilize a wildcard certificate for their servers?

a. To increase the certificate’s encryption key length
b. To extend the renewal date of the certificate
c. To secure the certificate’s private key
d. To reduce the certificate management burden

A

d. To reduce the certificate management burden

OBJ-3.9: A wildcard certificate is a public key certificate that can be used with multiple subdomains of a domain. This saves money and reduces the burden of managing multiple certificates, one for each subdomain. A single wildcard certificate for *.diontraining.com will secure all of these subdomains (www.diontraining.com, mail.diontraining.com, ftp.diontraining.com, etc.). The other options provided are not addressed by using a wildcard certificate.
