Section 26: Public Key Infrastructure Flashcards

1
Q

Public Key Infrastructure

A

An entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption

2
Q

PKI and Keys

A

It’s all about creating public and private keys that can be used and making sure they’re valid and can be trusted

3
Q

Certificate Authority

A

Third party that validates this PKI process with the keys

4
Q

Certificate

A

Digitally signed electronic documents that bind a public key with a user’s identity

5
Q

X.509

A

Standard used in PKI for digital certificates; it contains the owner/user’s information and the certificate authority’s information

6
Q

How do you get a digital certificate?

A

You have to buy it

7
Q

Wildcard Certificates

A

Easier to manage. Allow all of the subdomains to use the same public key certificate and have it displayed as valid

8
Q

Subject Alternative Name (SAN)

A

Allows a certificate owner to specify additional domains

9
Q

Single sided certificates

A

Only require the server to be validated

10
Q

Dual sided certificates

A

Require both the server and the user to be validated

11
Q

Three encoding methods

A

BER, CER, DER

12
Q

File Types for certificates

A

PEM, CER, CRT or KEY, P12, PFX, P7B (sso or email) (just remember these are associated with PKI)

13
Q

Registration Authority

A

Used to verify certificates

14
Q

Certificate Authorities

A

Verisign, Digisign, and many others act as Root CA

15
Q

Certificate Revocation List (CRL)

A

An online list of digital certificates that the certificate authority has revoked

16
Q

OCSP

A

A protocol that allows you to determine the revocation status of a digital certificate using its serial number

17
Q

Public Key Pinning

A

Allows an HTTPS website to resist impersonation attacks by presenting a set of trusted public keys to the user’s web browser as part of the HTTP header

18
Q

Key Escrow

A

Occurs when a secure copy of a user’s private key is held in case the user accidentally loses their key

19
Q

Key Recovery Agent

A

A specialized type of software that allows the restoration of a lost or corrupted key to be performed

20
Q

If a root CA is compromised

A

every certificate is no longer good and needs to be revoked and reissued

21
Q

Web of Trust

A

A decentralized trust model that addresses issues associated with the public authentication of public keys within a CA-based PKI system

22
Q

PGP is a

A

web of trust

23
Q

Transitive Trust

A

Transitive trust occurs when X trusts Y, and Y trusts Z, therefore X trusts Z. This is because the trust flows from the first party (Dion Training) through the second party (Thor Teaches) to the third party (Udemy).

24
Q

Non-repudiation

A

Non-repudiation occurs when a sender cannot claim they didn’t send an email when they did.