PKI

Question 1

process of verifying authenticity of a newly received digital certificate. Such process involves checking all the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user.

Answer 1

certificate chaining

Question 2

Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. Recovery agent is an individual with access to key database and permission level allowing him/her to extract keys from escrow. TRUE OR FALSE

Answer 2

True

Question 3

A trusted third-party storage solution providing backup source for cryptographic keys is referred to as:

Answer 3

Key Escrow

Question 4

deprecated security mechanism designed to defend HTTPS websites against impersonation attacks performed with the use of fraudulent digital certificates?

Answer 4

Public key pinning

Question 5

allows for checking digital certificate revocation status without contacting Certificate Authority (CA)?

Answer 5

stapling

Question 6

Encoded in text (ASCII Base64) format, .p7b file extension, Generally used for Microsoft windows and Java Tomcat servers, used for single sign on - what digital certificate format is this?

Answer 6

P7B

Question 7

Encoded in text (ASCII Base64) format, .pem, .crt, .cer and .key file extensions, Generally used for Apache servers or similar configurations, privacy enhanced mail - what digital certificate format is this?

Answer 7

PEM

Question 8

What are the characteristics of DER (Distinguished Encoding Rules)?

Answer 8

Encoded in binary, .der/.cer file extension, generally used for java servers

Question 9

A digital certificate which allows multiple domains to be protected by a single certificate is known as:

Answer 9

SAN - Subject Alternative Name

Question 10

digital certificate type allows multiple subdomains to be protected by a single certificate?

Answer 10

Wildcard Certificate

Question 11

In a digital certificate, ________ describes a device, an individual, an organization, or any other entity the certificate has been issued for. In an SSL certificate, _______ refers to the Fully Qualified Domain Name (FQDN), which is the domain name of the server protected by the SSL certificate.

Answer 11

CN Common Name

Question 12

method for requesting a digital certificate?

Answer 12

CSR Certificate Signing Request

Question 13

What is the fastest way for checking the validity of a digital certificate?

Answer 13

OCSP Online Certificate Status Protocol

Question 14

What is OCSP

Answer 14

Online Certificate Status Protocol - allows you to determine the revocation status of a digital certificate using its serial number

Question 15

What is CRL ?

Answer 15

Certificate Revocation List - list of digital certificates that have been revoked

Question 16

What is the PKI role of Registration Authority (RA)?

Answer 16

Accepting requests for digital certificates, Authenticating the entity making the request

Question 17

A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:

Answer 17

CA - Certificate Authority

Question 18

hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates

Answer 18

PKI

Question 19

What is web of trust?

Answer 19

• Decentralized trust model that addresses issues associated with the public
  authentication of public keys within a CA based PKI system
• Uses peer to peer model
• Certificates are cerated as self signed certificates

Question 20

What is PFX?

Answer 20

Personal info exchange

Question 21

What is BER?

Answer 21

Basic Encoding Rules - Original ruleset governing the encoding of data structures for certs where several different encoding types can be utilized

Question 22

A certificate that requires only the server to be validated

Answer 22

Single Sided Certificate

Question 23

A certificate that requires both the server and the user to be validated

Answer 23

Dual Sided Certificate

Question 24

Which is more secure: single or dual sided certificates?

Answer 24

Dual Sided

Question 25

What is the standard used for PKI digital certificates and contains the owner/user info and the certificate authority’s information?

Answer 25

X.509

Question 26

What is a Key recovery agent?

Answer 26

Software or individual that allows the restoration of lost or corrupted keys

Question 27

What is Key Escrow?

Answer 27

when a secure copy of users private key is held in case the user accidentally loses their key

Question 28

What is a Digital Certificate?

Answer 28

Digitally signed electronic documents that bind a public key with a user’s identity

Question 29

What is code signing?

Answer 29

Using a digital signature to provide an assurance that software code has not been modified after it was submitted by a developer

Question 30

What is a Digital Signature?

Answer 30

Digital signatures prevent collisions from being used to spoof the integrity of a message by hashing a file then taking that hash and encrypting it with a private key

Question 31

Difference between digital certificate and digital signature….

Answer 31

A digital certificate is a digitally signed electronic document that binds a public key with a user’s identity

A digital signature is a hash of a file that is encrypted with a private key in order to prevent collisions and spoofing the integrity of a file/message