Chapter 2: Public Key Infrastructure Flashcards

1
Q

is a framework built on asymmetric encryption that has a Certificate Authority (CA) and the associated infrastructure to support issuing, validating, revoking and otherwise managing certificates.

A

Public Key Infrastructure (PKI)

2
Q

the ultimate authority: it holds the master key, also known as the root key, with which it signs the certificates of the intermediary CAs; the intermediary in turn issues certificates to the requester.

A

Certificate Authority (CA)

3
Q

an internal CA that is always up and running on the network so that people in the company can request a certificate at any time of the day or night.

A

Online CA

4
Q

is kept disconnected from the network so that its root key cannot be attacked; it is typical of military or other high-security environments where clearance and vetting must be completed before someone can be issued with a certificate.

A

Offline CA

5
Q

is also known as a third-party CA and is commercially accepted as an authority for issuing public certificates; examples include Sectigo, Symantec (whose CA business is now DigiCert) and GoDaddy.

A

Public CA

6
Q

issues certificates that are trusted only inside the organization; the trade-off is that the organization must run and maintain the CA itself.

A

Private CA

7
Q

validates and accepts the incoming requests for certificates from users on the network and notifies the CA to issue the certificates. The certificates that are used are known as X.509 certificates.

A

Registration Authority (RA)

8
Q

ties a host to an expected certificate or public key, so that a client rejects any other certificate, even one that chains correctly to a trusted CA. It mitigates TLS (SSL) man-in-the-middle attacks that use fraudulent X.509 certificates issued by a compromised or rogue CA; it does not prevent the CA itself from being compromised.

A

Certificate Pinning

9
Q

in a PKI environment is the root certificate from which the whole chain of trust is derived; this is the root CA. It is trusted because it is installed in the trust store, not because anything else signs it.

A

Trust Anchor

10
Q

describes how CAs are arranged and how trust flows between them; it is what allows the authenticity of a certificate to be proved.

A

Trust Model

11
Q

type of trust model that uses a hierarchy from the root CA down through the intermediary CAs to the end-entity certificates

A

Hierarchical Trust Model

12
Q

peer-to-peer trust model in which two separate PKI environments trust each other, typically through a bridge CA that cross-certifies each root

A

Bridge Trust Model

13
Q

this chain of trust is used to verify who issued a certificate. The chain normally has three layers: the root CA certificate (the trust anchor), the intermediate CA certificate, and the end-entity certificate installed on the computer or server. Each certificate is signed by the one above it, so validation walks from the installed certificate up to the root.

A

Certificate Chaining

14
Q

first stage in checking whether a certificate is still valid. If the CA revokes a certificate before it expires (for example because the private key was compromised), its serial number is entered into the ____, a signed list published by the CA that clients download

A

Certificate Revocation List (CRL)

15
Q

if CRL checking is too slow (the client has to download and parse the whole list), this is much faster: the client asks the CA's responder about a single certificate's serial number and gets a signed good/revoked/unknown answer. It can take the load from the CRL in a busy environment

A

Online Certificate Status Protocol (OCSP)

16
Q

is used when a web server fetches a time-stamped OCSP response for its own certificate from the CA and attaches (staples) it to the TLS handshake, so the client gets the revocation status without contacting the OCSP responder itself.

A

OCSP Stapling/Certificate Stapling

17
Q

This is the message that requests a new certificate: it carries the requester's public key and identifying information (the subject), signed with the matching private key, which never leaves the requester.

A

Certificate Signing Request (CSR)

18
Q

holds copies of private keys on behalf of third parties so that they can be recovered if lost; the escrowed keys are stored in a Hardware Security Module (HSM)

A

Key Escrow

19
Q

is a device that can store digital keys. It could be as simple as an external hard drive.

A

Security Module

20
Q

can be a piece of hardware attached to the server or a portable device that is attached to store the keys. Keys are generated and used inside the module and cannot be exported from it unencrypted.

A

Hardware Security Module (HSM)

21
Q

if a user cannot access their data because their private key is corrupted or lost, the ___ will recover the data. The ____ needs to get a copy of the private key from the key escrow.

A

Data Recovery Agent (DRA)

22
Q

an OID is a globally unique dotted-decimal identifier (for example 1.2.840.113549.1.1.11 names sha256WithRSAEncryption) used inside a certificate to name its signature algorithm, extensions and certificate policies. The banknote comparison: just as a serial number identifies one banknote, an OID unambiguously identifies the object it was registered for. The certificate itself is identified by its own serial number together with the issuer name.

A

Object Identifier (OID)

23
Q

replaces each letter of the plaintext with another letter; the Caesar cipher, which moves each letter three places along the alphabet, is the classic example

A

Substitution Cipher

24
Q

variation of the Caesar cipher that rotates each letter 13 places; because the alphabet has 26 letters, applying it twice restores the original text.

A

ROT13

25
Q

only uses one key, which is known as the secret key. The same key encrypts and decrypts the data. The risk is that if the key is stolen the attacker has the keys to the kingdom, so the key must be distributed securely (for example agreed with Diffie-Hellman).

A

Symmetric Encryption

26
Q

Name the symmetric encryption algorithms covered, with their key and block sizes

A

DES: 56-bit key, 64-bit block; 3DES: 168-bit key (three DES keys); AES: 128-, 192- or 256-bit key, 128-bit block; Twofish: up to 256-bit key, 128-bit block; Blowfish: 32- to 448-bit key, 64-bit block; RC4: variable-length key, stream cipher

27
Q

before symmetrically encrypted data can be sent, the two parties need the same key; Diffie-Hellman lets them agree on a shared secret over an insecure channel, and that secret becomes the symmetric key that protects the data in transit. DH itself does not encrypt the data.

A

Diffie Hellman (DH)

28
Q

uses two keys, a private and a public key, that are mathematically linked: what one key encrypts only the other can decrypt. (PKI is an example of this.)

A

Asymmetric Encryption

29
Q

The first stage in digital signatures is to exchange public keys, the same principle as for encryption. George wants to send Mary an email and wants her to be able to check that it has not been altered in transit: George hashes the message and signs the hash with his private key; Mary recomputes the hash and verifies the signature with George's public key. A digital signature uses the sender's private key.

A

Digital Signature
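
The cards on the trust anchor (9), certificate chaining (13), the CRL (14), certificate pinning (8) and digital signatures (29) describe one procedure: hash-then-sign with the issuer's private key, verify with its public key, walk the chain up to a pinned root, and refuse revoked serials. The following is an added example, not code from the flashcards or from any CA product. It models certificates as Python dicts rather than X.509, generates toy 512-bit RSA keys with a Miller-Rabin prime search (Python 3.8+ for `pow(e, -1, phi)`), and signs the raw SHA-256 value without padding, so it is for illustration only.

```python
"""Toy chain-of-trust check with textbook RSA signatures over SHA-256.
Added illustration, not code from the flashcard source: the 'certificates' are
dicts standing in for X.509, keys are 512-bit and signatures are unpadded, so
nothing here is secure. It shows the mechanics of chain verification."""
import hashlib
import math
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test after trial division by a few small primes."""
    if n < 2 or n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact size, odd
        if is_probable_prime(cand):
            return cand

def rsa_keygen(bits=512):
    """Return (public, private) as (n, e) and (n, d); toy key size."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def sign(private, data):
    n, d = private
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")  # hash first, then sign the hash
    return pow(h, d, n)

def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def tbs(cert):
    """The to-be-signed part: every field except the signature."""
    n, e = cert["pubkey"]
    return f"{cert['subject']}|{cert['serial']}|{cert['issuer']}|{n}|{e}".encode()

def issue(subject, serial, pubkey, issuer_name, issuer_private):
    cert = {"subject": subject, "serial": serial, "issuer": issuer_name, "pubkey": pubkey}
    cert["signature"] = sign(issuer_private, tbs(cert))
    return cert

def spki_pin(pubkey):
    """SHA-256 of the public key: the value certificate pinning compares against."""
    return hashlib.sha256(f"{pubkey[0]}|{pubkey[1]}".encode()).hexdigest()

def verify_chain(chain, trust_anchors, crl):
    """chain = [leaf, intermediate, ..., root]; trust_anchors = {name: pubkey};
    crl = {(issuer_name, serial)} revoked by that issuer. Returns (ok, reason)."""
    for cert, issuer in zip(chain, chain[1:]):
        if cert["issuer"] != issuer["subject"]:
            return False, f"{cert['subject']}: issuer name mismatch"
        if not verify(issuer["pubkey"], tbs(cert), cert["signature"]):
            return False, f"{cert['subject']}: bad signature"
        if (issuer["subject"], cert["serial"]) in crl:
            return False, f"{cert['subject']}: revoked"
    root = chain[-1]  # trusted by configuration, not by any signature
    if trust_anchors.get(root["subject"]) != root["pubkey"]:
        return False, f"{root['subject']}: not a trust anchor"
    return True, "ok"

def build_demo():
    """Three-tier hierarchy: root (trust anchor) -> intermediate -> server certificate."""
    root_pub, root_priv = rsa_keygen()
    int_pub, int_priv = rsa_keygen()
    leaf_pub, _ = rsa_keygen()
    root = issue("Root CA", 1, root_pub, "Root CA", root_priv)  # self-signed
    inter = issue("Intermediate CA", 2, int_pub, "Root CA", root_priv)
    leaf = issue("www.example.test", 3, leaf_pub, "Intermediate CA", int_priv)
    return [leaf, inter, root], {"Root CA": root_pub}

def rogue_chain(name):
    """A rogue CA signs a certificate for the same name: signatures verify, anchor check fails."""
    rogue_pub, rogue_priv = rsa_keygen()
    rogue_root = issue("Rogue CA", 1, rogue_pub, "Rogue CA", rogue_priv)
    return [issue(name, 7, rsa_keygen()[0], "Rogue CA", rogue_priv), rogue_root]
```

The order of checks mirrors a real validator: issuer name, then signature, then revocation, and only at the top the trust-anchor comparison. The rogue chain is the case pinning is for: every signature in it is mathematically valid, and it is rejected only because its root is not in the trust store (or because its public-key pin does not match the expected one).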

30
Q

comes in three key strengths: 128, 192 and 256 bits; the block size is always 128 bits.
-commonly used for L2TP/IPSec VPNs
(type of symmetric encryption)

A

Advanced Encryption Standard (AES)

31
Q

groups data into 64-bit blocks and uses a 56-bit key; the exam quotes the 56-bit key length.
-fastest but weakest: a 56-bit key can be brute-forced
-could be used for L2TP/IPSec VPNs
(type of symmetric encryption)

A

Data Encryption Standard (DES)

32
Q

applies DES three times with three keys and is said to have a 168-bit key (effective strength about 112 bits because of the meet-in-the-middle attack).
-could be used for L2TP/IPSec VPNs
(type of symmetric encryption)

A

Triple DES (3DES)

33
Q

is a stream cipher with a variable-length key; WEP used it with a 40-bit key (later 104-bit). Both RC4 and WEP are broken and should not be used
-seen as a stream cipher

A

Rivest Cipher (RC4)

34
Q

does not encrypt the session. It establishes a shared secret from which the symmetric session keys are derived
-creates the keys used in IKE (Internet Key Exchange)
-IKE uses UDP port 500 to set up secure sessions for L2TP/IPSec VPNs
-once the tunnel keys have been agreed, the symmetrically encrypted data flows through the tunnel
-type of asymmetric algorithm (key agreement, not encryption)

A

Diffie Hellman (DH)
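
Cards 27 and 34 both describe Diffie-Hellman as something that "creates a tunnel"; what actually happens is the exchange below. This is an added example, not code from the flashcards or from any VPN product. It uses the 2048-bit MODP group from RFC 3526 (group 14, generator 2), which is the group IKE negotiates most often; the key-derivation step is a plain SHA-256 over the shared secret, standing in for the HKDF/PRF a real protocol would use.

```python
"""Diffie-Hellman key agreement: added example, not from the flashcards.
Group: RFC 3526 2048-bit MODP (IKE group 14), generator 2."""
import hashlib
import secrets

P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2

def valid_peer_value(v, p=P):
    """Reject 0, 1 and p-1: a peer sending these forces a predictable secret."""
    return 1 < v < p - 1

def dh_keypair(p=P, g=G):
    """Private exponent a, public value A = g^a mod p. A is sent in the clear."""
    a = secrets.randbelow(p - 2) + 1
    return a, pow(g, a, p)

def dh_shared_secret(my_priv, their_pub, p=P):
    """their_pub^my_priv mod p: both sides reach g^(ab) without ever sending a or b."""
    if not valid_peer_value(their_pub, p):
        raise ValueError("invalid peer public value")
    return pow(their_pub, my_priv, p)

def derive_key(shared, p=P, info=b"flashcard demo"):
    """KDF step: the raw DH result is hashed, never used directly as the cipher key."""
    return hashlib.sha256(shared.to_bytes((p.bit_length() + 7) // 8, "big") + info).digest()

def exchange():
    """One complete exchange. Fresh exponents every call make this ephemeral DH (DHE),
    which is what gives forward secrecy."""
    a, A = dh_keypair()   # Alice keeps a, sends A
    b, B = dh_keypair()   # Bob keeps b, sends B
    key_alice = derive_key(dh_shared_secret(a, B))   # B^a = g^(ab)
    key_bob = derive_key(dh_shared_secret(b, A))     # A^b = g^(ab)
    return key_alice, key_bob, A, B
```

Everything an eavesdropper sees (p, g, A, B) is public; only a and b are secret, and the 32-byte key that comes out of `derive_key` is what an AES tunnel would then use. Nothing has been encrypted at this point, which is the distinction the cards are trying to make.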

35
Q

is named after the three people who invented the algorithm. It was the first widely used public/private key pair algorithm.
-key sizes are 1024 (no longer recommended), 2048, 3072 and 4096 bits
-used for encryption and digital signatures

A

Rivest, Shamir, and Adleman (RSA)

36
Q

keys are used for digital signatures only, not for encryption
-key sizes start at 512 bits (obsolete); with 1024- and 2048-bit keys, signing is faster than RSA, although verification is slower

A

Digital Signature Algorithm (DSA)

37
Q

small, fast keys used for encryption and signatures on small mobile devices; a 256-bit ECC key gives roughly the strength of a 3072-bit RSA key
-AES 256 is used in military mobile cell phones
-uses less processing than other asymmetric algorithms
-type of asymmetric encryption

A

Elliptic Curve Cryptography (ECC)

38
Q

short-lived keys used for a single session and then discarded; ephemeral DH (DHE/ECDHE) gives forward secrecy, because a later compromise of the long-term key does not expose past sessions

A

ephemeral keys

39
Q

used between two users to set up encrypted email: the message is encrypted with a symmetric session key, the session key is encrypted with the recipient's public key, and a digital signature is made with the sender's private key. For ____ to operate you need a private and public key pair.

A

Pretty Good Privacy (PGP)

40
Q

uses a block cipher (or a stream cipher) and encrypts large amounts of data much faster than the asymmetric technique

A

Symmetric Encryption

41
Q

solves the key-distribution problem: it has two keys, so the public key can be shared openly, and DH (or an RSA key exchange) is used to agree the symmetric key that then protects the bulk data. It is slower than symmetric encryption, so it is used for key exchange and signatures rather than for bulk data.

A

Asymmetric Encryption

42
Q

Difference Between Digital Signatures and Encryption

A

-Digital Signature verifies the identity of the sender. It provides authenticity, integrity, and non-repudiation.
*Used in document signing/email/legal compliance and electronic transactions

-Encryption provides confidentiality.
*used in areas like secure communication/data storage/financial transactions/safeguarding personal information

43
Q

is a binary operator from Boolean algebra.
-Two bits that are the same: 0
-Two bits that are different: 1
-XORing twice with the same value returns the original ((a XOR k) XOR k = a), so the same operation encrypts and decrypts
-_____ is commonly used with AES and is the mixing step in every stream cipher

A

XOR Exclusive OR

44
Q

is where a password or weak key is fed through a deliberately slow, repeated function (PBKDF2, bcrypt, scrypt, Argon2) to produce the final key, so that every guess in a brute-force attack costs the attacker the same extra work.

A

Key Stretching

45
Q

is a technique where a unique random value (the salt) is combined with a password before it is hashed. Two users with the same password get different hashes and precomputed rainbow tables become useless; it is normally combined with key stretching, which is what increases the compute time for brute-force attacks.

A

Salting Passwords
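
Cards 44 and 45 are easiest to tell apart in code. The following is an added example, not code from the flashcards, using only `hashlib.pbkdf2_hmac` from the Python standard library: the salt is the random 16-byte value stored next to the hash, and the iteration count is the stretching. The 600,000-iteration default follows the OWASP recommendation for PBKDF2-HMAC-SHA256; the `crack` function is a constructed offline-guessing loop to show where each mechanism bites.

```python
"""Salting and key stretching with hashlib.pbkdf2_hmac (standard library only).
Added example, not from the flashcards."""
import hashlib
import hmac
import os

ITERATIONS = 600_000   # OWASP recommendation for PBKDF2-HMAC-SHA256 password storage

def unsalted_hash(password):
    """What NOT to do: identical passwords give identical hashes that a precomputed table finds."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salt (16 random bytes, stored in the clear) + stretching (iterations).
    Returns the record to store: (salt, iterations, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def crack(wordlist, record):
    """Offline guessing (constructed attacker loop): every guess costs `iterations`
    HMAC calls and has to be redone per salt, so nothing can be precomputed.
    Returns (matching guess or None, number of guesses made)."""
    for tries, guess in enumerate(wordlist, 1):
        if verify_password(guess, record):
            return guess, tries
    return None, len(wordlist)
```

Salting is what makes two records for the same password differ and defeats rainbow tables; stretching is what makes each call to `verify_password` (and therefore each attacker guess) slow. The two are complementary, not interchangeable.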

46
Q

method of encrypting text (to produce ciphertext) in which the cryptographic key and algorithm are applied to each binary digit in a data stream one bit (or byte) at a time, by XORing the data with a keystream. It is a symmetric technique; RC4 and ChaCha20 are examples.

A

Stream Cipher

47
Q

where a block of data is taken and then encrypted; for example 128 bits of data may be encrypted at a time. Most symmetric algorithms (DES, 3DES, AES, Blowfish, Twofish) are block ciphers; RC4 is the stream-cipher exception

A

Block Cipher

48
Q

this is a random or unique value, not a secret, that is combined with the key so that encrypting the same plaintext twice produces different ciphertext. When it only has to be unique rather than random it is called a nonce (number used once); an IV or nonce must never be reused with the same key.

A

Initialization Vector (IV)

49
Q

turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a counter (usually a nonce concatenated with the block number) rather than chaining on the previous ciphertext block, and XORs the keystream with the data.

A

Counter Mode (CTR)
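
Cards 43, 46, 48 and 49 fit together as one construction: a keyed block function encrypts counter values, the output keystream is XORed into the data, and the nonce is what keeps two messages from sharing a keystream. This is an added example, not code from the flashcards. HMAC-SHA256 stands in for the block cipher so it runs with the standard library alone; swapping in AES gives AES-CTR with the same structure. The last function deliberately reproduces the failure mode the IV card warns about.

```python
"""Counter mode from a keyed PRF: added example, not from the flashcards.
HMAC-SHA256 stands in for the block cipher; the construction is otherwise AES-CTR."""
import hashlib
import hmac
import os

BLOCK = 32   # bytes of keystream per 'block' (HMAC-SHA256 output size)

def xor_bytes(a, b):
    """Bitwise XOR: same bits -> 0, different bits -> 1. Output is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_block(key, nonce, counter):
    """E_key(nonce || counter): the 'encrypt successive counter values' step."""
    return hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()

def ctr_crypt(key, nonce, data):
    """Encrypt and decrypt are the same operation: data XOR keystream."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        out += xor_bytes(data[i:i + BLOCK], keystream_block(key, nonce, i // BLOCK))
    return bytes(out)

def encrypt(key, data):
    """Fresh 12-byte nonce per message; it is not secret and travels with the ciphertext."""
    nonce = os.urandom(12)
    return nonce, ctr_crypt(key, nonce, data)

def nonce_reuse_leak(key, nonce, p1, p2):
    """Two messages under one (key, nonce) pair: c1 XOR c2 == p1 XOR p2, because the
    identical keystream cancels out. Anyone who knows p1 now reads p2."""
    return xor_bytes(ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2))
```

Note that no padding is needed (the last block is simply shorter) and that the keystream does not depend on the plaintext at all, which is why CTR encrypts blocks in parallel and why a repeated nonce is fatal: the attacker never needs the key to exploit it.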

50
Q

is a one-way function that turns a file or string of text of any length into a fixed-length digest of the message; changing a single bit of the input changes the digest completely.
-SHA-1, SHA-2, SHA-3 and MD5; MD5 and SHA-1 are broken (collisions can be generated) and should only be used for legacy compatibility

A

Hashing

51
Q

is data that is not being used and is stored either on a hard drive or on external storage.

A

Data at Rest

52
Q

when purchasing items, we use TLS (the successor to SSL, which is deprecated) to encrypt the HTTPS session before we enter the credit card details.

A

Data in Transit/Motion

53
Q

when we launch an application such as Word, we are not running the data from the disk drive but running the application in RAM; this is volatile memory, meaning that when you power down the computer the contents are erased.

A

Data in Use/Processing

54
Q

could use BitLocker to encrypt a whole drive. A desktop or laptop would need a Trusted Platform Module (TPM) chip built into the motherboard to protect the encryption keys
-Tablets and phones need their built-in full disk encryption enabled to encrypt the device
-USB or removable drives: we can use FDE as well (BitLocker To Go)

A

Full Disk Encryption (FDE)

55
Q

the process where you take source code and make it look obscure, so that if it is stolen it would not be understood. It slows analysis down but does not prevent it.

A

Obfuscation

56
Q

where a document, image, audio file, or video file can be hidden inside another document, image, audio or video file (the carrier). The carrier file will be larger than the original and images may show lower quality.

A

Steganography

57
Q

technique where changing one character (or bit) of the input changes many bits of the output, the avalanche effect; hash functions and block ciphers are designed for it.

A

Diffusion
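
Cards 50 (hashing) and 57 (diffusion) can be checked empirically. The following is an added example, not code from the flashcards, using only `hashlib`: it shows that the digest length is fixed regardless of input size and measures how many digest bits change when one input bit is flipped. The expectation of roughly half the bits is the avalanche property; for SHA-256 that is about 128 of 256 bits.

```python
"""Hash digests and the avalanche (diffusion) property: added example, not from
the flashcards. Standard library only."""
import hashlib

def digest_hex(data, algo="sha256"):
    """Fixed-length digest regardless of input length."""
    return hashlib.new(algo, data).hexdigest()

def bits_changed(a, b, algo="sha256"):
    """Hamming distance between the digests of two inputs."""
    da = int.from_bytes(hashlib.new(algo, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algo, b).digest(), "big")
    return bin(da ^ db).count("1")

def avalanche_ratio(data, algo="sha256"):
    """Flip the lowest bit of the first input byte and report the fraction of digest
    bits that change. A well-designed hash gives about 0.5."""
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    return bits_changed(data, flipped, algo) / (hashlib.new(algo).digest_size * 8)
```

MD5 and SHA-1 still diffuse well; their problem is that collisions can be constructed, so a good avalanche ratio alone does not make a hash safe for signatures.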