PKI and Cryptographic Protocols

Question 1

Cleartext

Answer 1

unencrypted data thats not supposed to be encrypted

Question 2

What states does encryption protect?

Answer 2

processing, transit, rest

Question 3

What are digital signatures?

Answer 3

Electronic signatures to verify the sender

Question 4

What is a digital certificate?

Answer 4

Public key associated with users and has been signed by a trusted third party

Question 5

CA

Answer 5

Certificate Authorities

Question 6

What do CAs do?

Answer 6

Makes and manages digital certificates

Question 7

CSR

Answer 7

Certificate Signing Request

Question 8

How can a digital certificate be authenticated?

Answer 8

Email, Documents, In-person

Question 9

What is a weakness in a single centralized CA?

Answer 9

Bottlenecks

Question 10

How do you ensure security and integrity when managing CAs

Answer 10

Offline CA

Question 11

CR

Answer 11

Certificate Repository

Question 12

What is a CR?

Answer 12

Public centralized directory of digital signatures where you can see the status

Question 13

What happens to a digital certificate before its expiration date?

Answer 13

Revoked

Question 14

CRL

Answer 14

Certificate Revocation List

Question 15

What is a CRL?

Answer 15

list of certificates revokes by serial numbers
can have a local CRL

Question 16

OCSP

Answer 16

Online Certificate Status Protocol

Question 17

OCSP Stapling

Answer 17

Web server sends queries to responders at intervals

Question 18

What is a OCSP?

Answer 18

Real-time look up of revocation

Question 19

Browsers that use OCSP

Answer 19

Chrome, Safari, Firefox, Opera, IE

Question 20

Root Digital Certificate

Answer 20

Self-signed
End is user

Question 21

Domain Digital Certificate

Answer 21

Web server and browser key exchange
Entry-Lvl
no trust just verifies

Question 22

Extended Domain Digital Certificate

Answer 22

Audit to follow ev standards
owner verifies by intermediate CA
authorized by intermediate and signature from officer of company

Question 23

Wildcard Digital Certificate (Domain)

Answer 23

validate main and subdomains

Question 24

Subject Alternatuve Name Digital Certificate (Domain)

Answer 24

Unified Communications Certificate
Multiple servers or domain names uses same certificate

Question 25

What is the standard for digital certificate?

Answer 25

X.509

Question 26

Direct Trust

Answer 26

knows each other

Question 27

Third-Party Trust

Answer 27

trust bc they trust a common 3rd party

Question 28

Web of trust

Answer 28

a direct trust signs digital certificate then exchange

Question 29

Hierarchical trust model

Answer 29

One mast CA named root backlog can happen signs all w one key

Question 30

Distributed trust model

Answer 30

multiple CAs basis on internet

Question 31

Bridge trust model

Answer 31

One CA is an faciliitor that doesnt issue certificates but connects rest of CAs Hub

Question 32

CP

Answer 32

Certificate Policy

Question 33

What is a CP

Answer 33

Rules that govern PKI Recommended baseline security

Question 34

CPS

Answer 34

Certificate Practice Statement

Question 35

What is a CPS

Answer 35

More technical How CA manages and uses

Question 36

What is the 4 Certification life cycle

Answer 36

creation suspension revocation expiration

Question 37

Key Escrow

Answer 37

Keys managed by 3rd party

Question 38

M-of-N control

Answer 38

Private key divided and distrubited among people

Question 39

What recovers lost or damaged certificates?

Answer 39

Key Recovery Agent

Question 40

KRA

Answer 40

Key Recovery Agent

Question 41

SSL

Answer 41

Secure Sockets Layer

Question 42

What is SSL

Answer 42

By netscape addressed internet security encrypted path w client and server to be an OS

Question 43

SSL stripping

Answer 43

Intercepting an HTTP connection

Question 44

TLS

Answer 44

Transport Layer Security

Question 45

What is TLS

Answer 45

Replaced SSL Perfect forward secrecy of public key exchange and encrypts handshakes after serverhello

Question 46

Cipher suite

Answer 46

Encryption, authentication, Message Authentication Code browser and server initial connection descriptive names

Question 47

SSH

Answer 47

Secure Shell

Question 48

What is a SSH

Answer 48

alternative to telnet Linux/UNIX based commands slogin, ssh, scp

Question 49

S/MIME

Answer 49

Secure/Multipurpose Internet Mail Extension

Question 50

What is S/MIME

Answer 50

securing email how emails will be organized and encrypted

Question 51

SRTP

Answer 51

Secure Real-Time Transport Protocol

Question 52

What is SRTP

Answer 52

Like S/MIME Protects VoIP authentication and confidentiality

Question 53

IPSec

Answer 53

Securing internet communications Encrypts and authenticates IP packets of session transparent OS or Hardware

Question 54

AH

Answer 54

Authentication Header (IPSec)

Question 55

ESP

Answer 55

Encapsulating Security Payload (IPSec)

Question 56

ISAKMP/Oakley

Answer 56

Internet Security Association and Key Management Protocol encrypts Key Management (IPSec)

Question 57

Transport Encryption

Answer 57

encrypts data only

Question 58

Tunnel encryption

Answer 58

encrypts header and data network-to-network

Question 59

Key strength

Answer 59

randomness cryptoperiod length

Question 60

Keyspace

Answer 60

Character-set^Key-lengths

Question 61

ECB

Answer 61

Electronic Code Book

Question 62

What is an ECB

Answer 62

Most basic plaintext divided and encrypted chance of identical encryption not suitable

Question 63

CBC

Answer 63

Cipher Block Chaining

Question 64

What is CBC

Answer 64

Ciphertect block fed back in process to encrypt next 'XORed'

Question 65

CTR

Answer 65

Counter

Question 66

What is CTR

Answer 66

computes new value each ciphertext block is exchanged needs to be sync

Question 67

GCM

Answer 67

Galois/Counter

Question 68

What is GCM

Answer 68

encrypts and computes a MAC to ensure integrity adds ADD

Question 69

ADD

Answer 69

Additional Authentication Data

Question 70

Crypto Service Providers

Answer 70

crypto modules to do task part of OS often software and hardware