wk1 ssl

Question 1

Which of the following is not an attack against SSL?
Select one:
a. Length extension attack
b. CRIME
c. Hash overflow
d. Renegotiation denial of service 
e. I don't know.

Answer 1

Hash overflow

Question 2

Based on the path /etc/ssl/certs/cpu.cpanel.net.crt, what SSL component can you guess would likely be contained in this file?
Select one:
a. Public Key
b. Private Key 
c. Cipher Suite
d. I don't know.
e. CA Bundle

Answer 2

Public Key

Question 3

Certificates should be:
Select one:
a. Compressed into ZIP format
b. Issued from a trusted certificate authority 
c. Hashed with the MD5 hashing algorithm
d. Self-signed
e. I don't know.

Answer 3

Issued from a trusted certificate authority

Question 4

What is SSL used for?
Select one:
a. Protecting my application from SQL injection attacks
b. I don’t know.
c. Stopping certificate warning messages
d. Protecting my Web server from malware
e. Preventing the interception and tampering of data

Answer 4

Preventing the interception and tampering of data

Question 5

What utility should you use to verify a CA bundle certificate file?
Select one:
a. I don't know.
b. bundlechk
c. cpkeyclt
d. openssl
e. cpsrvd

Answer 5

openssl

Question 6

You can defend your web application against the BEAST attack by:
Select one:
a. Disabling SSLv2
b. Disabling CBC-mode ciphers
c. I don't know. 
d. Only using SSL on your website
e. Disabling SSL renegotiation

Answer 6

Disabling CBC-mode ciphers

Question 7

Which of these commands would successfully provide the md5 sum for the myserver.crt certificate file?
Select one:
a. openssl x509 -noout -modulus -in myserver.crt | openssl md5
b. I don’t know.
c. openssl md5 -out myserver.crt | openssl x509
d. md5sum -c myserver.crt | openssl
e. openssl x509 -md5 -in myserver.crt

Answer 7

openssl x509 -noout -modulus -in myserver.crt | openssl md5

Question 8

Which of the following commands would successfully establish a secure HTTPS connection to cpanel.com?
Select one:
a. openssl ssl_client -connect cpanel.com
b. openssl s_client -connect cpanel.com
c. I don’t know.
d. openssl s_client -connect https://cpanel.com
e. openssl s_client -connect cpanel.com:443

Answer 8

openssl s_client -connect cpanel.com:443

Question 9

Which of these folder paths are service-related SSL certificates stored in, on a cPanel & WHM server?
Select one:
a. /var/cpanel/ssl
b. /usr/local/cpanel/ssl
c. /etc/ssl 
d. /opt/service/ssl
e. I don't know.

Answer 9

/var/cpanel/ssl

Question 10

Which of the following commands would successfully output the readable details of a private key certificate file?
Select one:
a. openssl pki -noout -text -in filename.key
b. openssl rsa -noout -text -in filename.key
c. openssl x509 -noout -text -in filename.crt
d. I don’t know.
e. openssl cert -noout -text -in filename.crt

Answer 10

openssl rsa -noout -text -in filename.key

Question 11

Service Name Indication (SNI) provides what capability?
Select one:
a. Allows a server to install multiple certificates to the same IP address.
b. Increases SSL validity by verifying the hostname with an external resource.
c. I don’t know.
d. Facilitates the CA bundle installation process by automatically retrieving a bundle based on the root certificate authority.
e. None of the above.

Answer 11

Allows a server to install multiple certificates to the same IP address.

Question 12

"PKI" stands for..
Select one:
a. Private Key Infrastructure
b. Public Key Infrastructure 
c. I don't know.
d. Powerful Kludge Improvement
e. Procedure for Key Initialization

Answer 12

Public Key Infrastructure

Question 13

What is the minimum length a cypher key should be?
Select one:
a. I don't know.
b. 128 bits 
c. 256 bits
d. 512 bits
e. 40 bits

Answer 13

128 bits

Question 14

"SSL" stands for..
Select one:
a. Scrambled Safely, Locked
b. Secure Sockets Layer 
c. Socket Security Layer
d. I don't know.
e. Safe Sockets Layer

Answer 14

Secure Sockets Layer