Chapter 6 Flashcards
What protocol is used to authenticate remote access users with smart cards?
EAP-TLS
What EAP type offers support for legacy authentication protocols such as PAP, CHAP, MS-CHAP or MS-CHAPv2?
EAP-TTLS
How many characters are in a passphrase for WPA2-Personal security?
8 characters
What cipher blocks are restricted to 64-bit block sizes?
DES and 3DES
What is a supplicant?
Software application installed on an end user's computer
What EAP type uses a three-phase operation?
EAP-FAST
What does the SSL connection setup process look like?
Client creates session key and encrypts it with the server's public key
What two items are found within a digital certificate?
Serial number and public key
In an 802.1x implementation, what devices mutually authenticate with each other?
Authentication Server and Supplicant
What is a trust model?
Collection of rules that informs applications as to how to decide the validity of a digital certificate.
What EAP type uses the concepts of public key infrastructure (PKI)?
EAP-TLS
What is a captive portal?
A web page where the user must view and agree to the terms before access to the network is granted. Seen in airports.
What encryption type offers easy key exchange and key management?
Asymmetric
Which of the following types of device are found in a network that supports the Wi-Fi Protected Setup (WPS) protocol?
Registrar, Enrollee, Access Point
What is PKCS #12?
File that contains both private key and X.509 certificate.
What is PKCS #1?
Defines mathematical properties and format of RSA public and private keys
What is PKCS #3?
Cryptographic protocol that allows two parties to jointly establish a shared key over an insecure network.
What is PKCS #7?
Used to sign and/or encrypt messages within a PKI
What effective key sizes, in bits, does 3DES have?
56, 112, 168
Which of the following statements best describes the relationship between a CRL and OCSP?
OCSP is a protocol to check the CRL during a certificate validation process.
What is a one time pad?
Stream cipher that encrypts the plain text with a secret random key that is the same length as the plain text.
What is Cipher Block Chaining? (CBC)
Uses feedback info to ensure the current block ciphertext differs from other blocks even if the same data is being encrypted.
What is Electronic Code Book?
Encrypts each data block individually.
What is Galois/Counter Mode? (GCM)
Encrypts data and checks integrity.
What is Counter Mode? (CTM)
Similar to CBC except it does not use a random number and does not chain the blocks.
Which certificate format is typically used on Windows OS machines to import and export certificates and private keys?
PFX
What is PEM?
Used for securing email using public key cryptography
What is another name for an ephemeral key?
Session Key
Which of the following transpires in a PKI environment?
The CA signs the certificate.
AES-CCMP uses a 128-bit temporal key and encrypts data in what block size?
128
Which of the following algorithms is typically used to encrypt data-at-rest?
Symmetric
What is a registered authority?
Verifies requests for certificates and forwards responses to the CA.