Chapter 10 Understanding Cryptography and PKI Flashcards by Jennifer Kajiwara

______ provides assurances that data has not been modified. Hashing ensures that data has retained integrity.

Integrity

How well did you know this?

Not at all

Perfectly

A ____ is a number derived from performing a calculation on data, such as a message, patch, or file.

Hash

How well did you know this?

Not at all

Perfectly

_______ creates a fixed-size string of bits or hexadecimal characters, which cannot be reversed to re-create the original data.

Hashing

How well did you know this?

Not at all

Perfectly

Common hashing algorithms include ___ and ______ ____ ________.

MD5 and Secure Hash Algorithm (SHA)

How well did you know this?

Not at all

Perfectly

_________ ensures that data is only viewable by authorized users.

Confidentiality

How well did you know this?

Not at all

Perfectly

_______ protects the confidentiality of data.

Encryption

How well did you know this?

Not at all

Perfectly

_______ scrambles, or ciphers, data to make it unreadable if intercepted.

Encryption

How well did you know this?

Not at all

Perfectly

_______ normally includes an algorithm and a key.

Encryption

How well did you know this?

Not at all

Perfectly

_______ _________ uses the same key to encrypt and decrypt data.

Symmetric encryption

How well did you know this?

Not at all

Perfectly

_________ _________ uses two keys (public and private) created as a matched pair.

Asymmetric encryption

How well did you know this?

Not at all

Perfectly

_________ _________ requires a Public Key Infrastructure (PKI) to issue certificates.

Asymmetric encryption

How well did you know this?

Not at all

Perfectly

True or False: Anything encrypted with the public key can only be decrypted with the matching private key.

True

How well did you know this?

Not at all

Perfectly

True or False: Anything encrypted with the private key can only be decrypted with the matching public key.

True

How well did you know this?

Not at all

Perfectly

_____ ______ encrypt data 1 bit at a time.

Stream ciphers

How well did you know this?

Not at all

Perfectly

_____ _______ encrypt data in blocks.

Block ciphers

How well did you know this?

Not at all

Perfectly

___________ provides a level of confidentiality by hiding data within other files.

Steganography

How well did you know this?

Not at all

Perfectly

A ______ _______ provides authentication, non-repudiation, and integrity.

Digital signature

How well did you know this?

Not at all

Perfectly

__________ validates an identity.

Authentication

How well did you know this?

Not at all

Perfectly

____________ prevents a party from denying an action.

Non-repudiation

How well did you know this?

Not at all

Perfectly

True or False : Users sign emails with a digital signature, which is a hash of an email message encrypted with the sender’s private key.

True

How well did you know this?

Not at all

Perfectly

True or False : Only the sender’s public key can decrypt the hash, providing verification it was encrypted with the sender’s private key.

True

How well did you know this?

Not at all

Perfectly

True or False : No matter how many times you execute the hashing algorithm against the data, the hash will always be the same if the data is the same.

True

How well did you know this?

Not at all

Perfectly

_______ _______ is a common hashing algorithm that produces a 128-bithash.

Message Digest 5 (MD5)

How well did you know this?

Not at all

Perfectly

True or False : Although, security experts now consider MD5 cracked and discourage its use, it is still widely used to verify the integrity of files. This includes email, files stored on disks, files downloaded from the Internet, executable files, and more.

True

How well did you know this?

Not at all

Perfectly

List the different types of SHA

1. SHA-0 - not used 2. SHA-1 - creates 160-bit hashes. deprecated by NIST in 2011 3. SHA-2 - four version SHA-256, SHA-512, SHA-224, SHA-384. The last two create truncated versions of the first two 4. SHA-3 - similar to SHA-2

An ____ is a fixed-length string of bits similar to other hashing algorithms such as MD5 and SHA-1

HMAC

True or False : HMAC also uses a shared secret key to add some randomness to the result and only the sender and receiver know the secret key.

True

True or False : Internet Protocol security (IPsec) and Transport Layer Security (TLS) often use a version of HMAC such as HMAC-MD5 and HMAC-SHA1.

True

_____ _________ ________ _______ ______ ______ is another hash function used for integrity, though it isn’t as widely used as MD5, SHA, and HMAC.

RACE Integrity Primitives Evaluation Message Digest (RIPEMD)

True or False : Many applications calculate and compare hashes automatically without any user intervention.

True

_________ is a free program anyone can use to create hashes of files.

sha1sum.exe

True or False : Hashing is a one-way function that creates a string of characters. You cannot reverse the hash to re-create the original file. Passwords are often stored as hashes instead of storing the actual password. Additionally, applications often salt passwords with extra characters before hashing them.

True

___ _________ is a technique used to increase the strength of stored passwords and can help thwart brute force and rainbow table attacks.

Key stretching (sometimes called key strengthening)

True or False : Key stretching techniques salt the passwords with additional random bits to make them even more complex.

True

List two common key stretching techniques

1. Bcrypt | 2. Password-based key derivation function 2 (PBKDF2)

______ is based on the Blowfish block cipher and is used on many Unix and Linux distributions to protect the passwords stored in the shadow password file.

Bcrypt

_____ salts the password by adding additional random bits before encrypting in.

Bcrypt

True or False: The result of bcrypt is a 60-character string

True

True or False : As an added measure, it's possible to add some pepper to the salt to further randomize the bcrypt string.

True The pepper is another set of random bits stored elsewhere

________ uses salts of at least 64 bits and uses a pseudo-random function such as HMAC to protect passwords.

PBKDF2

True or False : Many algorithms such as Wi-Fi Protected Access II (WPA2), Apple’s iOS mobile operating system, and Cisco operating systems use PBKDF2 to increase the security of passwords.

True

True or False : Some security experts believe that PBKDF2 is more susceptible to brute force attacks than bcrypt.

True

True or False : If a question asks what you would use to encrypt data and it lists hashing algorithms, you can quickly eliminate them because hashing algorithms don’t encrypt data.

True

_________ data is in a ciphertext format that is unreadable.

Encrypted

True or False : if data is sent in cleartext, an attacker can capture and read the data using a protocol analyzer.

True

_____ __ ____ refers to any data stored on media and it’s common to encrypt sensitive data.

Data-at-rest

____ __ _______ refers to any data sent over a network and it’s common to encrypt sensitive data-in-transit.

Data-in-transit

____ __ ___ refers to data being used by a computer.

Data-in-use

What two elements are included in symmetric and asymmetric encryption?

1. Algorithm | 2. Key

The _______ performs mathematical calculations on data and is always the same

Algorithm

The ___ is a number that provides variability for the encryption. It is either kept private and/or changed frequently.

Key

True or False : Many encryption schemes require a random or pseudo-random number as an input.

True

An ______ _____ provides a starting value for a cryptographic algorithm. It is a fixed-size random or pseudo-random number that helps create random encryption keys.

Initialization vector (IV)

A ______ is a number used once.

Nonce

True or False : Many cryptographic algorithms use a random or pseudo- random nonce as a seed or a starting number.

True

___ operations compare two inputs.

XOR

In the context of encryption, _______ means that the ciphertext is significantly different than the plaintext.

Confusion

Effective ______ techniques ensure that small changes in the plaintext result in large changes in the ciphertext.

Diffusion

A _______ algorithm is one that is kept private.

Secret

True or False : A weak algorithm can be cracked, allowing an attacker to easily convert ciphertext back to plaintext.

True

Within cryptography, ____ _______ refers to the security of an encryption key even if an attacker discovers part of the key.

High resiliency

A ____ _____ encrypts data in specific-sized blocks, such as 64-bit blocks or 128-bit blocks.

Block cipher

True or False : The block cipher divides large files or messages into these blocks and then encrypts each individual block separately.

True

A _____ ______ encrypts data as a stream of bits or bytes rather than dividing it into blocks.

Stream cipher

In general, ______ _______ are more efficient than block ciphers when the size of the data is unknown or sent in a continuous stream, such as when streaming audio and video over a network.

Stream ciphers

_____ _______ are more efficient when the size of the data is known, such as when encrypting a file or a specific-sized database field.

Block ciphers

True or False : An important principle when using a stream cipher is that encryption keys should never be reused.

True If a key is reused, it is easier to crack the encryption.

Algorithms that use ___ divide the plaintext into blocks and then encrypt each block using the same key.

Electronic Codeblock ECB

True or False : The Electronic Codebook (ECB) mode of operation is the simplest cipher mode

True

True or False : ECB is not recommended for use in any cryptographic protocols today.

True

_____ ______ ________ mode is used by some symmetric block ciphers. It uses an IV for randomization when encrypting the first block. It then combines each subsequent block with the previous block using an XOR operation.

Cipher Block Chaining (CBC)

Because encryption of each block is dependent on the encryption of all previous blocks, ____ sometimes suffers from pipeline delays, making it less efficient than some other modes.

CBC

_______ mode effectively converts a block cipher into a stream cipher. It combines an IV with a counter and uses the result to encrypt each plaintext block. Each block uses the same IV, but ___ combines it with the counter value, resulting in a different encryption key for each block.

Counter (CTM) It’s much more common to see it listed as CTR or CM.

True or False : Multiprocessor systems can encrypt or decrypt multiple blocks at the same time, allowing the algorithm to be quicker on multiprocessor or multicore systems.

True

True or False : CTM is not widely used and respected as a secure mode of operation.

True

______ ______ ____ is a mode of operation used by many block ciphers. It combines the _____ mode of operation with the _____ mode of authentication.

Galois/Counter Mode (GCM), Counter, Galois

True or False : In addition to encrypting the data for confidentiality, Galios/Counter Mode includes hashing techniques for integrity.

True

Symmetric encryption is also called ______ ___ encryption or _______ ___ encryption.

Secret-key or session-key

A ________ _____ replaces plaintext with ciphertext using a fixed system.

Substitution cipher

The ______ cipher uses the same substitution algorithm, but always uses a key of 13.

ROT13 (short for rotate 13 places)

True or False : ROT13 uses both the same algorithm and the same key, it doesn’t provide true encryption but instead just obfuscates the data.

True

True or False : Symmetric encryption algorithms change keys much more often than once a day.

True

The _______ _________ _________ is a strong symmetric block cipher that encrypts data in 128-bit blocks.

Advanced Encryption Standard (AES)

True or False : AES can use key sizes of 128 bits, 192 bits, or 256 bits, and it’s sometimes referred to as AES-128, AES-192, or AES-256 to identify how many bits are used in the key.

True

______ keys for a specific algorithm result in stronger key strength. (Page 691).

Longer

List some of the strengths of AES

1. Fast - uses elegant mathematical formulas and only requires a single pass to encrypt and decrypt data 2. Efficient - less resource intensive 3. Strong - strong encryption of data --> high level of confidentiality

____ ________ ________ is a symmetric block cipher that was widely used for many years, dating back to the 1970s.

Data Encryption Standard (DES)

True or False : DES encrypts data in 64- bit blocks. However, it uses a relatively small key of only 56 bits and can be broken with brute force attacks.

True DES is not recommended for use today.

____ is a symmetric block cipher designed to encrypt data using the DES algorithm in three separate passes and uses multiple keys.

3DES (pronounced as “Triple DES”)

True or False : 3DES uses key sizes of 58 bits, 116 bits, or 174 bits.

False 52, 112, 168 bits

___ is a symmetric stream cipher and it can use between 40 and 2,048 bits.

RC4 (also called ARC4)

True or False : Microsoft recommend disabling RC4 and using AES instead due to the speculation that NSA can break RC4.

True

True or False: TLS can implement either block or stream ciphers

True

_______ is a strong symmetric block cipher that encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits.

Blowfish

______ is related to Blowfish, but it encrypts data in 128-bit blocks and it supports 128-, 192-, or 256-bit keys.

Twofish

True or False: AES-256 is faster than Blowfish

False

List the type, method, and key size for the following: 1. AES 2. 3DES 3. Blowfish 4. Twofish 5. RC4 6. DES

1. Symmetric encryption, 128 bit block cipher, 128, 192, 256 bit key 2. Symmetric encryption, 64-bit block cipher, 56, 112, 168 bit key 3. Symmetric encryption, 64-bit block cipher, 32 to 448 bit key 4. Symmetric encryption, 128-bit block cipher, 128, 192, 256 bit key 5. Symmetric encryption, Stream cipher, 40 to 2048 bit key 6. Symmetric encryption, 64-bit block cipher, 56-bit key

encryption uses two keys in a matched pair to encrypt and decrypt data—a public key and a private key.

Asymmetric

True or False : If the public key encrypts information, only the matching private key can decrypt the same information.

True

True or False : If the private key encrypts information, only the matching public key can decrypt the same information.

True

True or False : Private keys are always kept private and never shared.

True

True or False : Public keys are freely shared by embedding them in a shared certificate.

True

True or False : Asymmetric encryption is not very resource intensive.

False Asymmetric encryption is resource intensive

___ ______ is any cryptographic method used to share cryptographic keys between two entities.

Key exchange

A ______ is a digital document that typically includes the public key and information on the owner of the certificate.

Certificate

True or False : Certificate Authorities issue and manage certificates.

True

True or False : Certificates are used for a variety of purposes beyond just asymmetric encryption, including authentication and digital signatures.

True

A key element of asymmetric encryption is a _______.

Certificate

List common elements within a certificate

1. Serial number - unique ID of the certificate 2. Issuer - the CA that issued the certificate 3. Validity dates 4. Subject - owner of the certificate 5. Public key - RSA asymmetric encryption uses the public key in combination with the matching private key 6. Usage

True or False : Email applications often use RSA to privately share a symmetric key between two systems.

True The application uses the recipient’s public key to encrypt a symmetric key, and the recipient’s private key decrypts it.

True or False : RSA laboratories recommend a key size of 2,048 bits to protect data through the year 2030. If data needs to be protected beyond 2030, they recommend a key size of 3,072 bits.

True

True or False : RSA is widely used on the Internet and elsewhere due to its strong security.

True

The two primary categories of asymmetric keys are _____ and __________.

Static and ephemeral

A _____ key is semi-permanent and stays the same over a long period of time.

Static

An ________ key has a very short lifetime and is re-created for each session.

Ephemeral

RSA uses _____ keys.

Static

______ _______ ______ indicates that a cryptographic system generates random public keys for each session and it doesn’t use a deterministic algorithm to do so. In other words, given the same input, the algorithm will create a different public key.

Perfect forward secrecy

______ _____ ___________ doesn’t take as much processing power as other cryptographic methods and is often considered with common use cases of low-power devices.

Elliptic curve cryptography (ECC)

True or False : ECC uses mathematical equations to formulate an elliptical curve. It then graphs points on the curve to create keys. This is mathematically easier and requires less processing power, while also being more difficult to crack.

True

_____ _______ is a key exchange algorithm used to privately share a symmetric key between two parties.

Diffie-Hellman (DH)

Diffie-Hellman methods support both _____ keys and ________ keys.

Static and ephemeral

______ ________ _________ uses ephemeral keys, generating different keys for each session.

Diffie-Hellman Ephemeral (DHE)

_____ ______ ______ _______ uses ephemeral keys generated using ECC.

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)

______ _____ _______ ________, uses static keys.

Elliptic Curve Diffie-Hellman (ECDH)

True or False: With DH higher group numbers indicate the group is more secure. For example, DH Group 1 uses 768 bits in the key exchange process and DH Group 15 uses 3,072 bits.

True

True or False : Common examples of steganography are hiding data by manipulating bits and hiding data in the white space of a file.

True

True or False : Email digital signatures • The sender’s private key encrypts (or signs). • The sender’s public key decrypts.

True

True or False : Email encryption • The recipient’s public key encrypts. • The recipient’s private key decrypts.

True

True or False : Web site encryption • The web site’s public key encrypts. • The web site’s private key decrypts. • The symmetric key encrypts data in the web site session.

True

Cryptography provides two primary security methods you can use with email: _______ _________ and _______.

Digital signatures and encryption

The _____ ________ _______ uses an encrypted hash of a message. The hash is encrypted with the sender’s private key.

Digital signature algorithm (DSA)

True or False : If the recipient of a digitally signed email can decrypt the hash, it provides the following three security benefits: - Authentication - Non-repudiation - Integrity

True

True or False : A digital signature is an encrypted hash of a message. The sender’s private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender’s public key. If successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation prevents senders from later denying they sent an email.

True

When you’re encrypting email contents, the recipient’s ____ key encrypts and the recipient’s _______ key decrypts.

Public and private

True or False : Most email applications use asymmetric encryption to privately share a session key. They then use symmetric encryption to encrypt the data. They then use symmetric encryption to encrypt the data.

True

______/_____ _____ ___ _____ is one of the most popular standards used to digitally sign and encrypt email.

Secure/Multipurpose Internet Mail Extensions(S/MIME)

S/MIME uses ___ for asymmetric encryption and ___ for symmetric encryption.

RSA and AES

True or False : Because S/MIME uses RSA for asymmetric encryption, it requires a PKI to distribute and manage certificates.

True

True or False : like S/MIME, PGP uses both asymmetric and symmetric encryption.

True

_____ ____ ______ is a method used to secure email communication. It can encrypt, decrypt, and digitally sign email.

Pretty Good Privacy (PGP)

________ encryption methods encrypt data-in-transit to ensure transmitted data remains confidential.

Transport

Both ___ and ___ provide certificate-based authentication and they encrypt data with a combination of both symmetric and asymmetric encryption during a session.

SSL and TLS

True or False : SSL and TLS use asymmetric encryption for the key exchange (to privately share a session key) and symmetric encryption to encrypt data displayed on the web page and transmitted during the session.

True

True or False : Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are encryption protocols that have been commonly used to encrypt data-in transit.

True

______ _____ ______ is a replacement for SSL and is widely used in many different applications.

Transport Layer Security (TLS)

True or False : A CA is required to support TLS and SSL.

True

_____ uses asymmetric encryption to transmit a symmetric key using a secure key exchange method.

HTTPS

______ _____ are a combination of cryptographic algorithms that provide several layers of security for TLS and SSL, though most organizations have deprecated the use of SSL.

Cipher suites

True or False : When two systems connect, they negotiate to identify which cipher suite they use. Each system passes a prioritized list of cipher suites it is willing to use. They then choose the cipher suite that is highest on their lists and common to both lists.

True

A _____ ______ is a set of hardware, software, and/or firmware that implements cryptographic functions. This includes algorithms for encryption and hashing, key generation, and authentication techniques such as a digital signature.

Crypto module

A _____ ______ provider is a software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.

Crypto service

True or False : If administrators leave weak or deprecated algorithms functioning on servers, it makes the servers susceptible to attacks such as downgrade attacks.

True

A ______ _____ is a type of attack that forces a system to downgrade its security.

Downgrade attack

__________ ______ are most often associated with cryptographic attacks due to weak implementations of cipher suites.

Downgrade attacks

True or False : Attackers exploit this vulnerability by configuring their systems so that they cannot use TLS. When they communicate with the server, the server downgrades security to use SSL instead of TLS. This allows attackers to launch SSL-based attacks such as the well-known Padding Oracle On Downgraded Legacy Encryption (POODLE) attack.

True

One way to ensure that SSL isn’t used on a site is to modify the server’s protocol list and ensure that SSL is ________.

Disabled

If weak cipher suites are enabled on a server, it _______ the vulnerabilities.

Increases

A _____ ___ ________ is a group of technologies used to request, create, manage, store, distribute, and revoke digital certificates.

Public Key Infrastructure (PKI)

True or False : A primary benefit of a PKI is that it allows two people or entities to communicate securely without knowing each other previously.

True

A _______ ______ issues, manages, validates, and revokes certificates.

Certificate Authority (CA)

True or False : If the CA is trusted, all certificates issued by the CA are trusted.

True

CAs are trusted by placing a copy of their root certificate into a _____ ____ __ _____.

Trusted root CA store

The ____ _________ is the first certificate created by the CA that identifies it, and the store is just a collection of these root certificates.

Root certificate

True or False : Public CAs such as Symantec and Comodo negotiate with web browser developers to have their certificates included with the web browser. This way, any certificates that they sell to businesses are automatically trusted.

True

True or False : The most common trust model is the hierarchical trust model, also known as a centralized trust model.

True

_________ _________ combines all the certificates from the root CA down to the certificate issued to the end user.

Certificate chaining

A ___ __ _____ uses self-signed certificates, and a third party vouches for these certificates.

Web of trust

True or False : Many programs are available to automate the process of generating a public and private key pair

True

True or False : Submitted with a certificate signing request (CSR) is the purpose of the certificate, information about the website, the public key, and information about the owner of the site.

True

The CSR includes the ______ ___ but not the _______ ___

Public key, private key

True or False : After receiving the CSR, the CA validates my identity and creates a certificate with the public key. The validation process is different based on the usage of the certificate. In some cases, it includes extensive checking, and in other cases, verification comes from the credit card I use to purchase it.

True

_____ _________ are used to identify specific objects within the certificates

Object identifiers (OIDs)

The ___ is a string of numbers separated by dots. ___ can be used to name almost every object type in certificates.

OID(s)

True or False : In large organizations, a registration authority(RA) can assist the CA by collecting registration information. The RA never issues certificates. Instead, it only assists in the registration process.

True

True or False : An organization may choose to keep some CAs offline to protect them from attacks. Offline CAs can only accept CSRs manually.

True

True or False : an organization may choose to keep some CAs offline to protect them from attacks. Offline CAs can only accept CSRs manually.

True

``` True or False : A CA can use any of the following reasons when revoking a certificate: • Key compromise • CA compromise • Change of affiliation • Superseded • Cease of operation • Certificate hold ```

True

CAs use ________ ________ ____ to revoke a certificate.

Certificate revocation lists (CRLs, pronounced “crill”)

True or False : The CRL is a version 2 certificate that includes a list of revoked certificates by serial number.

True

List some common certificate issues

1. Expired 2. Certificate not trusted 3. Improper certificate and key management 4. Revoked

True or False : A common method of validating a certificate is by requesting a copy of the CRL

True

CRLs are typically ______ after being downloaded the first time.

Cached

True or False : Another method of validating a certificate is with the Online Certificate Status Protocol (OCSP). OCSP allows the client to query the CA with the serial number of the certificate. The CA then responds with an answer of “good,” “revoked,” or “unknown.” A response of “unknown” could indicate the certificate is a forgery.

True

OCSP ________ solves the problem of heavy traffic generation between clients and CAs

Stapling

True or False : In OCSP stapling, the certificate presenter obtains a timestamped OCSP response from the CA. Before sending it, the CA signs it with a digital signature. The certificate presenter then appends (or metaphorically staples) a timestamped OCSP response to the certificate during the TLS handshake process. This eliminates the need for clients to query the CA.

True

Public key ________ is a security mechanism designed to prevent attackers from impersonating a web site using fraudulent certificates.

Pinning

True or False : When configured on a web site server, the server responds to client HTTPS requests with an extra header. This extra header includes a list of hashes derived from valid public keys used by the web site. It also includes a max-age field specifying how long the client should store and use the data. When clients connect to the same web site again, they recalculate the hashes and then compare the recalculated hashes with the stored hashes. If the hashes match, it verifies that the client is connected to the same web site.

True

___ ______ is the process of placing a copy of a private key in a safe environment and is useful for recovery.

Key escrow

A ___ ______ ______ is a designated individual who can recover or restore cryptographic keys.

Key recovery agent

List some usage types of certificates

1. Machine/computer - The certificate is typically used to identify the computer within a domain. 2. User - Certificates can also be issued to users. They can be used for encryption, authentication, smart cards, and more. 3. Email - The two uses of email certificates are for encryption of emails and digital signatures. 4. Code signing - Developers often use code signing certificates to validate the authentication of executable applications or scripts. The code signing certificate verifies the code has not been modified. 5. Self-signed - A self-signed certificate is not issued by a trusted CA. Private CAs within an enterprise often create self-signed certificates. 6. Wildcard - A wildcard certificate starts with an asterisk (*) and can be used for multiple domains, but each domain name must have the same root domain. 7. SAN - A Subject Alternative Name (SAN) is used for multiple domains that have different names, but are owned by the same organization. 8. Domain validation - A domain-validated certificate indicates that the certificate requestor has some control over a DNS domain. 9. Extended validation - Extended validation certificates use additional steps beyond domain validation.

A ________ _______ starts with an asterisk (*) and can be used for multiple domains, but each domain name must have the same root domain.

Wildcard certificate

A _______ _________ ____ is used for multiple domains that have different names, but are owned by the same organization.

Subject Alternative Name (SAN)

True or False : Extended validation certificates use additional steps beyond domain validation.

True

True or False : Certificates are typically stored as binary files or as BASE64 American Standard Code for Information Interchange (ASCII) encoded files and some certificates are also encrypted to provide additional confidentiality.

True

The base format of certificates is _______ _______ _____ or ___________ ________ _______.

Canonical Encoding Rules (CER) or Distinguished Encoding Rules (DER)

True or False : CER-based certificates include headers and footers to identify the contents.

False it is DER

____ is derived from the Privacy Enhanced Mail format, but that is misleading. It implies that these certificates are used for email only.

PEM

True or False : PEM-based certificates can be used for just about anything.

True

___ certificates use the PKCS version 7 (PKCS#7) format and they are DER-based (ASCII). They are commonly used to share public keys with proof of identity of the certificate holder.

P7B

True or False: P7B can include the private key

False | It never includes the private key

___ certificates use the PKCS version 12 (PKCS#12) format and they are CER-based (binary).

P12

True or False : P12 are commonly used to hold certificates with the private key.

True

______ ________ ______ is a predecessor to the P12 certificate and it has the same usage. Administrators often use this format on Windows systems to import and export certificates.

Personal Information Exchange (PFX)

True or False : CER is a binary format for certificates and DER is an ASCII format. PEM is the most commonly used certificate format and can be used for just about any certificate type. P7B certificates are commonly used to share public keys. P12 and PFX certificates are commonly used to hold the private key.

True