PKI Flashcards
The process of verifying the authenticity of a newly received digital certificate. This process involves checking all the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user.
certificate chaining
Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow. True or false?
True
A trusted third-party storage solution providing backup source for cryptographic keys is referred to as:
Key Escrow
Which deprecated security mechanism was designed to defend HTTPS websites against impersonation attacks performed with the use of fraudulent digital certificates?
Public key pinning
What allows for checking digital certificate revocation status without contacting the Certificate Authority (CA)?
stapling
Encoded in text (ASCII Base64) format; .p7b file extension; generally used for Microsoft Windows and Java Tomcat servers; used for single sign-on. What digital certificate format is this?
P7B
Encoded in text (ASCII Base64) format; .pem, .crt, .cer and .key file extensions; generally used for Apache servers or similar configurations; Privacy Enhanced Mail. What digital certificate format is this?
PEM
What are the characteristics of DER (Distinguished Encoding Rules)?
Encoded in binary, .der/.cer file extension, generally used for Java servers
A digital certificate which allows multiple domains to be protected by a single certificate is known as:
SAN - Subject Alternative Name
Which digital certificate type allows multiple subdomains to be protected by a single certificate?
Wildcard Certificate
In a digital certificate, ________ describes a device, an individual, an organization, or any other entity the certificate has been issued for. In an SSL certificate, _______ refers to the Fully Qualified Domain Name (FQDN), which is the domain name of the server protected by the SSL certificate.
CN Common Name
What is the method for requesting a digital certificate?
CSR Certificate Signing Request
What is the fastest way for checking the validity of a digital certificate?
OCSP Online Certificate Status Protocol
What is OCSP?
Online Certificate Status Protocol - allows you to determine the revocation status of a digital certificate using its serial number
What is CRL?
Certificate Revocation List - list of digital certificates that have been revoked