Section 26: Public Key Infrastructure

Question 1

Public Key Infrastructure

Answer 1

An entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption

Question 2

PKI and Keys

Answer 2

It’s all creating public and private keys that can be used and making sure they’re valid and can be trusted

Question 3

Certificate Authority

Answer 3

Third party that validates this PKI process with the keys

Question 4

Certificate

Answer 4

Digitally signed electronic documents that bind a public key with a user’s identity

Question 5

X.509

Answer 5

Standard used PKI for digital certificates and contains the owner/users information and the certificate authority’s information

Question 6

How do you get a digital certificate?

Answer 6

You have to buy it

Question 7

Wildcard Certificates

Answer 7

Easier to manage. Allow all of the subdomains to use the same public key certificate and have it displayed as valid

Question 8

Subject Alternative Name (SAN)

Answer 8

Allows a certificate owner to specify additional domains

Question 9

Single sided certificates

Answer 9

Only require the server to be validated

Question 10

Dual sided certificates

Answer 10

Require both the server and the user to be validated

Question 11

Three encoding methods

Answer 11

BER, CER, DER

Question 12

File Types for certificates

Answer 12

PEM, CER, CRT or KEY, P12, PFX, P7B (sso or email) (just remember these are associated with PKI)

Question 13

Registration Authority

Answer 13

Used to verify certificates

Question 14

Certificate Authorities

Answer 14

Verisign, Digisign, and many others act as Root CA

Question 15

Certificate Revocation List (CRL)

Answer 15

An online list of digital certificates that he certificate authority has revoked

Question 16

OCSP

Answer 16

A protocol that allows you to determined the revocation status of a digital certificate using its serial number

Question 17

Public Key Pinning

Answer 17

Allows an HTTPS website to resist impersonation attacks by presenting a set of trusted public keys to the user’s web browser as part of the HTTP header

Question 18

Key Escrow

Answer 18

Occurs when a secure copy of a user’s private key is held in case the user accidently loses their key

Question 19

Key Recovery Agent

Answer 19

A specialized type of software that allows the restoration of a lost or corrupted key to be performed

Question 20

If a root CA is compromised

Answer 20

every certificate is no longer good and needs to be revoked and reissued

Question 21

Web of Trust

Answer 21

A decentralized trust model that addresses issues associated with the public authentication of public keys within a CA-based PKI system

Question 22

PGP is a

Answer 22

web of trust

Question 23

Transitive Trust

Answer 23

Transitive trust occurs when X trusts Y, and Y trusts Z, therefore X trusts Z. This is because the trust flows from the first part (Dion Training) through the second party (Thor Teaches) to the third party (Udemy).

Question 24

Non-repudiation

Answer 24

Non-repudiation occurs when a sender cannot claim they didn’t send an email when they did.