Chapter 2: Public Key Infrastructure

Question 1

is a asymmetric encryption that has a Certificate Authority and the associated infrastructure to support issuing and managing certificates.

Answer 1

Public Key Infrastructure (PKI)

Question 2

the ultimate authority as it holds the master key, also known as the root key, for signing all the certificates that it gives the Intermediary who issues the certificate to the requester.

Answer 2

Certificate Authority (CA)

Question 3

internal online CA is always up and running so that people in the company can request a certificate at any time of the day or night.

Answer 3

Online CA

Question 4

is for military or secure environment where clearance and vetting must be completed before someone can be issued with a certificate.

Answer 4

Offline CA

Question 5

is also known as a third party CA and is commercially accepted as an authority for issuing pubic certificates—examples include Sectigo, Symantec, Go Daddy..

Answer 5

Public CA

Question 6

can only be used internally. However, you must maintain the CA.

Answer 6

Private CA

Question 7

validates and accepts the incoming requests for certificates from users on the network and notifies the CA to issue the certificates. The certificates thare used are known as X509 certificates.

Answer 7

Registration Authority (RA)

Question 8

prevents the compromising of the CA and the issuing of fraudulent X509 certificates. It prevents SSL man in the middle attacks.

Answer 8

Certificate Pinning

Question 9

in PKI environment is the root certificate from which the whole chain of trust is derived; this is the root CA

Answer 9

Trust Anchor

Question 10

proves the authenticity of a certificate

Answer 10

Trust Model

Question 11

Type of Trust Model that uses hierarchy from the root CA down to the intermediary

Answer 11

Hierarchical Trust Model

Question 12

peer to peer trust model where two separate PKI environments trust each other

Answer 12

Bridge Trust Model

Question 13

this chain of trust is used to verify who the CA is. The chain normally has three layers—certificate vendor, the vendors CA, and the computer where the certificate is installed.

Answer 13

Certificate Chaining

Question 14

first stage in checking whether a certificate is valid. If the certificate is not valid it will be entered into the ____

Answer 14

Certificate Revocation List (CRL

Question 15

If the CRL is going slow; it is much faster than the CRL and can take the load from CRL in a busy environment

Answer 15

Online Certificate Status Protocol (OSCP)

Question 16

is used when a web server bypasses the CRL to use the OSCP for faster certificate validation.

Answer 16

OSCP Stapling/Certificate Stapling

Question 17

This is the process of requesting a new certificate.

Answer 17

Certificate Signing Request (CSR)

Question 18

holds the private keys for third parties and stores them in a Hardware

Answer 18

Key Escrow

Question 19

is a device that can store digital keys. It could be as simple as an external hard drive.

Answer 19

Security Module

Question 20

can be a piece of hardware attached to the server or a portable device that is attached to store the keys.

Answer 20

Hardware Security Module (HSM)

Question 21

if a user cannot access their data because their private key is corrupted, the ___ will recover the data. The ____needs to get a copy of the private key from the key escrow.

Answer 21

Data Recovery Agent (DRA)

Question 22

the OID on a certificate is similar to a serial number on a banknote. Banknotes are identified by their serial number. The certificate is identified by the OID.

Answer 22

Object Identifier (OID)

Question 23

moving a letter three places one way or another to encrypt

Answer 23

Substitution Cipher

Question 24

variation of the Caesar cipher, rotating the letters 13 times.

Answer 24

ROT13

Question 25

only uses one key, which is known as the secret key. The same key encrypts and decrypts the data. The risk is if the key is stolen the attacker gets the key to the kingdom.

Answer 25

Symmetric Encryption

Question 26

Name all of the Symmetric Encryptions

Answer 26

DES 56 bit; 3DES 168 bit; AES 256 bit; Twofish 128 bit; Blowfish 64 bit

Question 27

when symmetric data is in transit, it is protected by Diffie Hellman, whose main purpose is to create a secure tunnel for symmetric data to pass through. It does not encrypt the data but creates a secure tunnel.

Answer 27

Diffie Hellman (DH)

Question 28

uses two keys, a private and public key. (PKI is an example of this)

Answer 28

Asymmetric Encryption

Question 29

The first stage in digital signatures is to exchange public keys, the same principal as encryption. George wants to send Mary an email and he wants to ensure it has not been altered in transit. —digital signature uses the sender’s private key

Answer 29

Digital Signature

Question 30

comes in three key strengths: 128, 192, and 256.
-commonly used for L2TP/IPSec VPNs
(type of symmetric encryption)

Answer 30

Advanced Encryption Standard (AES)

Question 31

groups data into 64 bit blocks, but for purpose of exam 56 bit.
-fastest but weakest
-could be used for L2TP/IPSec VPNs
(type of symmetric encryption)

Answer 31

Data Encryption Standard (DES)

Question 32

applies the DES key three times and is said to be 168 bit key.
-could be used for L2TP/IPSec VPNs
(type of symmetric encryption)

Answer 32

Triple DES (3DES)

Question 33

is 40 bits and is used by WEP
-seen as stream cipher

Answer 33

Rivest Cipher (RC4)

Question 34

does not encrypt the session. It creates secure session so that symmetric data can travel down
-creates the keys used in the IKE Internet Key Exchange:
-uses UDP port 500 to set up secure sessions for L2TP/IPSec VPN
-once secure tunnel has been created then the symmetrically encrypted data flows down the tunnel
-Type of Assymmetric Algorithm

Answer 34

Diffie Hellman (DH)

Question 35

is named after the three people who invented the algorithm. The keys were first private and public key pairs.
-start at 1024, 2048, 3072, and 4096 bits.
-used for encryption and digital signatures

Answer 35

Rivest, Shamir, and Adelman (RSA)

Question 36

keys are used for digital signatures
-start at 512 bits, but 1024 and 2048 bit keys are faster than RSA for digital signatures

Answer 36

Digital Signature Algorithm (DSA)

Question 37

small, fast key that is used for encryption in small mobile devices.
-AES 256 is used in military mobile cell phones
-uses less processing than other encryptions
-type of assymmetric encryption

Answer 37

Elliptic Curve Cryptography (ECC)

Question 38

short lived keys–used for a single session

Answer 38

ephemeral keys

Question 39

used between two users to set up symmetric encryption and digital signature. For ____to operate you need a private and public key pair.

Answer 39

Pretty Good Privacy (PGP)

Question 40

uses a block cipher and encrypts large blocks of data much faster than the asymmetric technique

Answer 40

Symmetric Encryption

Question 41

much more secure as it has two keys and used DH to create a secure tunnel for the symmetric data.

Answer 41

Asymmetric Encryption

Question 42

Difference Between Digital Signatures and Encryption

Answer 42

-Digital Signature verifies the identity of the sender. It provides authenticity, integrity, and non-repudiation.
*Used in document signing/email/legal compliance and electronic transactions

-Encryption provides confidentiality.
*used in areas like secure communication/data storage/financial transactions/safeguarding personal information

Question 43

is a binary operand from Boolean algebra.
-Two bits that are the same: 0
-Two bits that are different: 1
-_____is commonly used with AES

Answer 43

XOR Exclusive OR

Question 44

is where you append a random set of characters to a password to increase the size of the password and its hash.

Answer 44

Key Stretching

Question 45

is a technique where random characters are appended to a password before it is hashed. This makes the password longer; it is similar to key stretching and increases the compute time for brute force attacks

Answer 45

Salting Passwords

Question 46

method of encrypting text (to produce cyphertext) in which cryptographic key and algorithm are applied to each binary digit in a data stream one bit at a time. It is normally used by asymmetric encryption.

Answer 46

Stream Cipher

Question 47

where a bock of data is taken and then encrypted; for example 128 bits of data may be encrypted at each time. It is used by symmetric encryption with the exception of RC4

Answer 47

Block Cipher

Question 48

this is a random value used as a secret key for data encryption. This number also called a nonce is employed only one time in any session.

Answer 48

Initialization Vector (IV)

Question 49

turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a counter rather than an IV.

Answer 49

Counter Mode (CTR)

Question 50

is a one-way function that turns a file or string of text into a unique digest of the message.
-(SHA1), SHA2, SHA3, and MD5

Answer 50

Hashing

Question 51

is data that is not being used and is stored either on a hard drive or external storage.

Answer 51

Data at Rest

Question 52

when purchasing items, we use TLS, SSL, or HTTPS to encrypt the session before we enter the credit card details.

Answer 52

Data in Transit/Motion

Question 53

when we launch an application such as word, we are not running the data from the disk drive but running the application in the RAM; this is volatile memory, meaning when you should power down the computer the contents are erased.

Answer 53

Data in Use/Processing

Question 54

could use bitlocker to encrypt a whole drive. A desktop or laptop would need a Trusted Platform Module chip built into the motherboard to protect encryption keys
-Tablets and phones will need a full disk encryption to encrypt the device
-USB or Removable Drive- we can use a FDE

Answer 54

Full Disk Encryption (FDE)

Question 55

the process where you take the source code and make it look obscure, so that if it is stolen, it would not be understood.

Answer 55

Obfuscation

Question 56

where a document, image, audio file, or video file can be hidden inside another document image. The document image or file will be larger and images will have lower resolution.

Answer 56

Steganography

Question 57

technique where you can change one character of the input, which will change multiple bits of the output.

Answer 57

Diffusion