by 0x4b4d





Front Back
1. PKI (Public Key Infrastructure) is a key-asymmetric system utilizing how many keys?
A. One
B. Two
C. Three
D. Four
1. B. PKI (Public Key Infrastructure) is a key-asymmetric system utilizing two keys.
2. A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing:
A. Tokens
B. Licenses
C. Certificates
D. Tickets
2. C. A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.
3. A registration authority (RA) can do all the following except:
A. Distribute keys
B. Accept registrations for the CA
C. Validate identities
D. Give recommendations
3. D. A registration authority (RA) can distribute keys, accept registrations for the CA, and validate identities. It cannot give recommendations.
4. The primary difference between an RA and _____ is that the latter can be used to identify or establish the identity of an individual.
A. MLA
B. STR
C. BSO
D. LRA
4. D. The primary difference between an RA and LRA is that the LRA can be used to identify or establish the identity of an individual.
5. The most popular certificate used is version 3 of:
A. X.509
B. B.102
C. C.409
D. Z.602
5. A. The most popular certificate used is version 3 of X.509.
6. The process of requiring interoperability is called:
A. Cross examination
B. Cross certification
C. Cross scoping
D. Cross marking
6. B. The process of requiring interoperability is called cross certification.
7. A Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and ______ of the CA.
A. Implement policies
B. Control processes
C. Regulate actions
D. Complete processes
7. A. A Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and implement policies of the CA.
8. Certificate revocation is the process of revoking a certificate before it:
A. Is renewed
B. Becomes public
C. Reuses a value
D. Expires
8. D. Certificate revocation is the process of revoking a certificate before it expires.
9. Which of the following is not one of the four main types of trust models used with PKI?
A. Hierarchical
B. Bridge
C. Custom
D. Mesh
E. Hybrid
9. C. The four main types of trust models used with PKI are hierarchical, bridge, mesh, and hybrid. Custom is not one of the main PKI trust models.
10. Which of the following refers to the ability to manage individual resources in the CA network?
A. Regulation
B. Granularity
C. Management
D. Restricting
10. B. Granularity refers to the ability to manage individual resources in the CA network.
11. A hierarchical trust model is also known as a:
A. Bush
B. Branch
C. Tree
D. Limb
11. C. A hierarchical trust model is also known as a tree.
12. In a bridge trust model, a ______ to ______ relationship exists between the root CAs.
A. Parent, child
B. Peer, peer
C. Father, daughter
D. Sister, parent
12. B. In a bridge trust model, a peer-to-peer relationship exists between the root CAs.
13. The mesh trust model is also known as what?
A. Web structure
B. Car model
C. Web redemption
D. Corrupt system
13. A. The mesh trust model is also known as a web structure.
14. Key management includes all of the following stages/areas except:
A. Centralized versus decentralized key generation
B. Key storage and distribution
C. Key locking
D. Key escrow
E. Key expiration
14. C. Key management includes centralized versus decentralized key generation, key storage and distribution, key escrow, and key expiration. Key locking is not a part of key management.
15. Key destruction is the process of destroying keys that have become:
A. Invalid
B. Expired
C. Ruined
D. Outdated
15. A. Key destruction is the process of destroying keys that have become invalid.
16. Public Key Infrastructure (PKI) is a first attempt to provide all the aspects of security to messages and transactions that have been previously discussed. It contains four components including:
A. Certificate Authority (CA), Registration Authority (RA), RSA, and digital certificates
B. Certificate Authority (CA), RSA, Document Authority (DA), and digital certificates
C. Document Authority (DA), Certificate Authority (CA), and RSA
D. Registration Authority (RA), RSA, and digital certificates
16. A. Public Key Infrastructure (PKI) contains four components: certificate authority (CA), registration authority (RA), RSA, and digital certificates.
17. Which of the following is responsible for issuing certificates?
A. Registration authority (RA)
B. Certificate authority (CA)
C. Document authority (DA)
D. Local registration authority (LRA)
17. B. The certificate authority (CA) is responsible for issuing certificates.
18. In a bridge trust model, each intermediate CA trusts only those CAs that are:
A. Above and below it
B. Above it
C. Below it
D. On the same level
18. A. In a bridge trust model, each intermediate CA trusts those CAs that are above and below it.
19. Which of the following is an attack against the algorithm?
A. Birthday attack
B. Weak key attack
C. Mathematical attack
D. Registration attack
19. C. A mathematical attack is an attack against the algorithm.
20. One disadvantage of decentralized key generation is:
A. It depends on key escrow.
B. It is more vulnerable to single point attacks.
C. There are more risks of attacks.
D. It creates a storage and management issue.
20. D. A disadvantage of decentralized key generation is the storage and management issue it creates.
Public Key Infrastructure (PKI)
Two-key (asymmetric) security system
Four Parts:
Certificate Authority (CA)
Registration Authority (RA)
RSA encryption algorithm
Digital Certificates
Certificate Authority (CA)
Organization responsible for issuing, revoking, and distributing certificates
Registration Authority (RA)
Takes the load off the Certificate Authority.
Performs all functions EXCEPT issuing certificates
Local Registration Authority (LRA)
Performs the functions of RA but can also verify identity
X.509
Describes digital certificate structure. Current version is 3
Certificate Policies
Define what a certificate does (identification, digital signature, encryption, etc.)
Certificate Practice Statement (CPS)
CA statement detailing issuance of certificates and implementation of policies
Certificate Revocation
Revoking a certificate before it expires. Examples are loss, theft, or employee leaving an organization
Certificate Revocation List (CRL)
List of revoked certificates.
Updated on a regular schedule
May have lag between certificate revocation and CRL update
Online Certificate Status Protocol (OCSP)
Used to overcome lag in CRL updates. Updates are immediately available through OCSP
Trust Models
Hierarchical (tree) - Root CA distributes to intermediate CA on to "Leaf" CA
Bridge - peer-peer relationship between root CA. CAs trust only those in their tree and trust the other tree through root CA
Mesh - AKA web. Multiple Root CAs trusting each other
Hybrid - Mixture of capabilities of other models
Attacking the Key
Attempt to discover the value of the key.
Dictionary attacks, rainbow tables, etc.
Attacking the algorithm
Seeking mathematical errors or backdoors
Intercepting the Transmission
Looking for patterns over time or waiting for a user to make a mistake
Birthday Attack
Possibility that two values will produce the same hash
Weak Key Attack
Attacking short, simple passwords
Mathematical Attack
Focused on the algorithm. Breaking the encryption method rather than the key or message
Key lifecycle
Key (certificate) process from generation to end-of-life or destruction
Key Generation
Centralized requires significant system resources. Problems with distribution
Decentralized takes the load and spreads risk but has issues with storage and management
Key distribution
How keys are stored and delivered
Key Distribution Center in Kerberos
Key Exchange Algorithm in PKI
Key Escrow
Retaining keys for a third party (law enforcement)
Key expiration
Each key has a date beyond which it cannot be used
Key revocation
Key is permanently revoked
Loss, theft, transfer, etc.
Key Suspension
Temporarily deactivating a key.
Leave of absence or numerous failed logon attempts
Key Archiving/Recovery
Old keys are held to access information
Key Renewal
A key's expiration date can be extended
Key destruction
Destroy the key so that it cannot be reused