PKI Flashcards

1
Q

The process of verifying the authenticity of a newly received digital certificate. This process involves checking all the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user.

A

certificate chaining

2
Q

Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level that allows him/her to extract keys from escrow. True or false?

A

True

3
Q

A trusted third-party storage solution providing a backup source for cryptographic keys is referred to as:

A

Key Escrow

4
Q

Which deprecated security mechanism was designed to defend HTTPS websites against impersonation attacks performed with the use of fraudulent digital certificates?

A

Public key pinning

5
Q

What allows for checking digital certificate revocation status without contacting the Certificate Authority (CA)?

A

stapling

6
Q

Encoded in text (ASCII Base64) format; .p7b file extension; generally used for Microsoft Windows and Java Tomcat servers; used for single sign-on. What digital certificate format is this?

A

P7B

7
Q

Encoded in text (ASCII Base64) format; .pem, .crt, .cer and .key file extensions; generally used for Apache servers or similar configurations; Privacy Enhanced Mail. What digital certificate format is this?

A

PEM

8
Q

What are the characteristics of DER (Distinguished Encoding Rules)?

A

Encoded in binary, .der/.cer file extension, generally used for Java servers

9
Q

A digital certificate which allows multiple domains to be protected by a single certificate is known as:

A

SAN - Subject Alternative Name

10
Q

Which digital certificate type allows multiple subdomains to be protected by a single certificate?

A

Wildcard Certificate

11
Q

In a digital certificate, ________ describes a device, an individual, an organization, or any other entity the certificate has been issued for. In an SSL certificate, _______ refers to the Fully Qualified Domain Name (FQDN), which is the domain name of the server protected by the SSL certificate.

A

CN - Common Name

12
Q

What is the method for requesting a digital certificate?

A

CSR - Certificate Signing Request

13
Q

What is the fastest way to check the validity of a digital certificate?

A

OCSP - Online Certificate Status Protocol

14
Q

What is OCSP?

A

Online Certificate Status Protocol - allows you to determine the revocation status of a digital certificate using its serial number

15
Q

What is CRL?

A

Certificate Revocation List - list of digital certificates that have been revoked

16
Q

What is the PKI role of Registration Authority (RA)?

A

Accepting requests for digital certificates, Authenticating the entity making the request

17
Q

A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:

A

CA - Certificate Authority

18
Q

A hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates

A

PKI

19
Q

What is web of trust?

A

  • Decentralized trust model that addresses issues associated with the public
    authentication of public keys within a CA-based PKI system
  • Uses a peer-to-peer model
  • Certificates are created as self-signed certificates

20
Q

What is PFX?

A

Personal info exchange

21
Q

What is BER?

A

Basic Encoding Rules - Original ruleset governing the encoding of data structures for certs where several different encoding types can be utilized

22
Q

A certificate that requires only the server to be validated

A

Single Sided Certificate

23
Q

A certificate that requires both the server and the user to be validated

A

Dual Sided Certificate

24
Q

Which is more secure: single or dual sided certificates?

A

Dual Sided

25
Q

What standard is used for PKI digital certificates and contains the owner/user info and the certificate authority’s information?

A

X.509

26
Q

What is a Key recovery agent?

A

Software or individual that allows the restoration of lost or corrupted keys

27
Q

What is Key Escrow?

A

When a secure copy of a user's private key is held in case the user accidentally loses their key

28
Q

What is a Digital Certificate?

A

Digitally signed electronic documents that bind a public key with a user’s identity

29
Q

What is code signing?

A

Using a digital signature to provide an assurance that software code has not been modified after it was submitted by a developer

30
Q

What is a Digital Signature?

A

Digital signatures prevent collisions from being used to spoof the integrity of a message by hashing a file then taking that hash and encrypting it with a private key

31
Q

What is the difference between a digital certificate and a digital signature?

A

A digital certificate is a digitally signed electronic document that binds a public key with a user’s identity

A digital signature is a hash of a file that is encrypted with a private key in order to prevent collisions and spoofing the integrity of a file/message