Public Key Infrastructure (PKI) Flashcards
Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates?
Web of trust
PKI
IaaS
CA
PKI
A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:
Certificate Authority (CA)
Which of the following certificate formats is used to store a binary representation of a digital certificate?
PFX
DER
P7B
PEM
Distinguished Encoding Rules (DER)
It is a binary encoding for X.509 certificates and private keys.
A digital certificate which allows multiple domains to be protected by a single certificate is known as:
Subject Alternative Name (SAN) certificate
Which digital certificate type allows multiple subdomains to be protected by a single certificate?
Wildcard certificate
The term “certificate chaining” refers to the process of verifying the authenticity of a newly received digital certificate. This process involves checking all of the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate’s chain is properly issued and valid.
True
Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow.
True
A trusted third-party storage solution providing a backup source for cryptographic keys is referred to as:
Key escrow
Which of the answers listed below refer to examples of PKI trust models?
Single CA model
Hierarchical model (root CA + intermediate CAs)
Mesh model (cross-certifying CAs)
Web of trust model (all CAs act as root CAs)
Client-server mutual authentication model
All of the above
All of the above
A security mechanism that allows HTTPS websites to resist impersonation by attackers using fraudulent certificates is called:
HTTP Public Key Pinning (HPKP)
Which of the following allows for checking digital certificate revocation status without contacting Certificate Authority (CA)?
OCSP stapling
Certificate Revocation List (CRL)
Sideloading
Certificate signing request (CSR)
OCSP stapling
Which of the answers listed below refers to a method for requesting a digital certificate?
CSR
What is the fastest way to validate a digital certificate?
OCSP
Which digital certificate formats are commonly used to store private keys?
PFX and P12
Which of the answers listed below refers to the most common format in which Certificate Authorities (CA) issue certificates?
PEM