Chapter 2: Review Questions Flashcards
What type of certificate does a CA have?
A CA has a root certificate, which is self-signed; the CA uses the matching private key to sign the certificates it issues (subordinate CA certificates and end-entity certificates), not keys as such.
If I am going to use a CA internally, what type of CA should I use?
Private CA; its certificates are trusted only by systems you configure to trust that CA and will not be accepted outside your organization.
If I want to carry out B2B activity with third-party companies or sell products on the web, what type of CA should I use?
Public CA; its root is already in the trust stores of browsers and operating systems, so partners and customers accept the certificates without any extra configuration.
Why would I make my CA offline when not in use?
So that the root private key cannot be used: while the CA is offline no new (or fraudulent) certificates can be issued with it, and an attacker who gets into the network cannot reach it. Day-to-day issuance is delegated to intermediate CAs, so the root is only brought online to sign or revoke an intermediate.
Who signs X.509 certificates?
The issuing CA signs an X.509 certificate with its private key; anyone who holds the CA's certificate can verify that signature, which is what validates the certificate.
What can I use to prevent my CA from being compromised and fraudulent certificates being issued?
Certificate pinning. It does not stop the CA itself from being compromised, but a client that pins the expected certificate or public key will reject a fraudulent certificate issued for the same name, even though that certificate chains to a trusted CA.
If two entities want to set up a cross-certification, what must they set up first?
The two entities need to set up a bridge trust model, in which each CA cross-certifies the other (issues a certificate for the other CA's key) so that certificates from either organization chain to a root the other already trusts.
What type of trust model does PGP use?
PGP uses a trust model known as a web of trust.
How can I tell whether my certificate is valid?
Check it against the issuing CA's Certificate Revocation List (CRL); a certificate listed there has been revoked even if its validity dates and signature still check out.
If the CRL is going slow, what should I implement?
Online Certificate Status Protocol (OCSP). Instead of downloading and searching the whole CRL, the client asks the CA's OCSP responder about one certificate (by serial number) and receives a signed good, revoked or unknown answer.
Who builds the CA or intermediary authorities?
A PKI architect designs and builds the CA and any intermediary (subordinate) authorities.
Explain certificate stapling/OCSP stapling.
The web server periodically fetches a signed, time-stamped OCSP response for its own certificate from the CA's OCSP responder and attaches ("staples") it to the TLS handshake. The client gets the revocation status without contacting the CRL or the OCSP responder itself, which is faster and keeps the client's browsing hidden from the CA. The stapled response is only accepted until its stated expiry, and it still reports the certificate as revoked if it has been revoked.
What is the process of obtaining a new certificate?
Generate a key pair, then create a Certificate Signing Request (CSR) containing the public key and the subject details and submit it to the CA. The CA validates the request and returns the signed certificate; the private key never leaves the requester.
What is the purpose of the key escrow?
Key escrow holds copies of users' private keys so that a trusted third party can recover encrypted data if the owner's key is lost or unavailable. The escrowed keys are stored in a Hardware Security Module.
What is the purpose of the Hardware Security Module (HSM)?
An HSM is a tamper-resistant hardware device, either a card or appliance attached to a server or a portable unit, that generates, stores and manages cryptographic keys and certificates and performs the signing and decryption operations itself, so private keys never leave the device.
What is the purpose of the Data Recovery Agent (DRA) and what does it need in order to complete its role effectively?
If a user cannot access their data because their private key is lost or corrupted, the DRA recovers the data for them. To do so, the DRA needs the user's private key from the key escrow.
How can I identify each certificate?
Each certificate is identified by its serial number, which the issuing CA keeps unique among the certificates it issues; issuer name plus serial number pin down one certificate, and that is how CRLs and OCSP refer to it. An Object Identifier (OID) names fields, extensions, policies and algorithms within a certificate rather than the certificate itself.
What format is a private certificate and what file extension does it have?
PKCS#12 (P12), with the file extension .pfx (or .p12). It is a password-protected container holding the private key together with the certificate and, optionally, the chain, so it must be handled as a secret.
What format is a public certificate and what file extension does it have?
A public certificate carries no private key. A single certificate is stored as DER (binary) or PEM with the extension .cer or .crt; a bundle of certificates, such as a chain, is stored as PKCS#7 (P7B) with the extension .p7b.
What format is a PEM certificate?
PEM is the DER certificate encoded in base64 and wrapped between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, so it is plain text that can be pasted into configuration files; common extensions are .pem, .crt and .cer.
What type of certificate can be used on multiple servers in the same domain?
A wildcard certificate, issued for *.example.com, covers any single-label host name under that domain (www.example.com, mail.example.com) but not the bare domain or deeper names such as a.b.example.com.
What type of certificate can be used on multiple domains?
A Subject Alternative Name (SAN) certificate lists several names (example.com, example.org, mail.example.net) in one certificate; the names may be unrelated domains and may include wildcards.