Public Key Infrastructure (PKI) Flashcards

1
Q

Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates?

Web of trust
PKI
IaaS
CA

A

PKI

2
Q

A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:

A

Certificate Authority (CA)

3
Q

Which of the following certificate formats is used to store a binary representation of a digital certificate?

PFX
DER
P7B
PEM

A

Distinguished Encoding Rules (DER)

It is a binary encoding for X.509 certificates and private keys.

4
Q

A digital certificate which allows multiple domains to be protected by a single certificate is known as:

A

Subject Alternative Name (SAN) certificate

5
Q

Which digital certificate type allows multiple subdomains to be protected by a single certificate?

A

Wildcard certificate

6
Q

The term “Certificate chaining” refers to a process of verifying the authenticity of a newly received digital certificate. This process involves checking all of the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate’s chain is properly issued and valid.

A

True

7
Q

Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow.

A

True

8
Q

A trusted third-party storage solution providing a backup source for cryptographic keys is referred to as:

A

Key escrow

9
Q

Which of the answers listed below refer to examples of PKI trust models?

Single CA model
Hierarchical model (root CA + intermediate CAs)
Mesh model (cross-certifying CAs)
Web of trust model (all CAs act as root CAs)
Client-server mutual authentication model
All of the above

A

All of the above

10
Q

A security mechanism that allows HTTPS websites to resist impersonation by attackers using fraudulent certificates is called:

A

HTTP Public Key Pinning (HPKP)

11
Q

Which of the following allows for checking digital certificate revocation status without contacting the Certificate Authority (CA)?

OCSP stapling
Certificate Revocation List (CRL)
Sideloading
Certificate Signing Request (CSR)

A

OCSP stapling

12
Q

Which of the answers listed below refers to a method for requesting a digital certificate?

A

CSR

13
Q

What is the fastest way to validate a digital certificate?

A

OCSP

14
Q

Which digital certificate formats are commonly used to store private keys?

A

PFX and P12

15
Q

Which of the answers listed below refers to the most common format in which Certificate Authorities (CA) issue certificates?

A

PEM
