Question 1

12)If a CA creates a certificate that is signed by its own private key, it is commonly known as a(n) ____.&#10;A) intermediate CA&#10;B) self-signed CA&#10;C) mid-level CA&#10;D) domain CA

Accepted Answer

When a CA creates a certificate that is signed by its own private key, it is known as a self-signed certificate. This is different from an intermediate CA, which is a CA that is signed by a higher-level (root or top-level) CA, and is used to issue and manage certificates for a specific organization or domain. Mid-level CA and domain CA are not commonly used terms in the context of certificate authorities.

Question 2

1)The foundation of PKI was established approximately 30 years ago with the invention of private key cryptography.

Accepted Answer

PKI (Public Key Infrastructure) is founded on the principles of public key cryptography, not private key cryptography, and its conceptual foundation was laid more than 30 years ago with the invention of public key cryptography in the 1970s.

Question 3

7)The core services provided by PKI are ____ , integrity and confidentiality.&#10;A) authentication&#10;B) authorization&#10;C) availability&#10;D) nonrepudiation

Accepted Answer

Authentication is the process of verifying the identity of a user or device. Integrity is the assurance that data has not been altered or corrupted. Confidentiality is the protection of data from unauthorized access. Nonrepudiation is the ability to prove that a message was sent or received by a specific party.

Question 4

2)The most common method of entity authentication is a prompting for a user ID and password.

Accepted Answer

This is correct, prompting for a user ID and password is the most common method of entity authentication.

Question 5

13)A CA certificate signed by another CA's private key is referred as a(n) ____ .&#10;A) self-signed CA&#10;B) root CA&#10;C) intermediate CA&#10;D) top-level CA

Accepted Answer

Intermediate CAs are certificates that are signed by another CA, not by themselves, acting as a link in the chain of trust from the root CA to the end-entity certificate.

Question 6

20)The ____ phase ensures that the private key and public key certificates created are used correctly and efficiently in the PKI community.&#10;A) registration&#10;B) issued&#10;C) initialization&#10;D) cancellation

Accepted Answer

The answer of 20)The ____ phase ensures that the private...

Question 7

6)Digital signature provides not only data origin authentication but also data ____.&#10;A) availability&#10;B) entity confidentiality&#10;C) integrity&#10;D) confidentiality

Accepted Answer

Digital signature provides both data origin authentication, ensuring that the message was indeed sent by the claimed sender, and data integrity, ensuring that the message has not been altered or tampered with during transmission. It does not provide confidentiality, which is the protection of the content of the message from unauthorized access, nor availability, which is the assurance that the message is accessible to authorized parties when needed.

Question 8

3)The fundamental premise of public key cryptography is to provide secure communication between strangers.

Accepted Answer

Public key cryptography allows people who do not know each other to securely communicate and exchange information without the need for a shared secret key. Each person has a public key that can be freely distributed, and a private key that is kept secret. The public key can be used to encrypt messages, which can only be decrypted with the corresponding private key. This enables secure communication between strangers.

Question 9

11)____ is the certification of a document as authentic and true by a public official known as a &#34;notary public.&#34;&#10;A) Trusted source&#10;B) Nonrepudiation&#10;C) Authentication&#10;D) Notarization

Accepted Answer

Notarization is the process of having a public official (a notary public) certify that a document is true and authentic. The notary public verifies the identity of the person signing the document and ensures that they are doing so voluntarily and without coercion. This helps to prevent fraud and gives the document added legal weight. Trusted source refers to a reliable and trustworthy source of information, while nonrepudiation and authentication refer to other aspects of information security.

Question 10

15)A(n) ____ creates key pairs and also implements backup and recovery of private keys.&#10;A) CRL server&#10;B) certificate bank&#10;C) key management server&#10;D) OCSP server

Accepted Answer

A key management server is designed to create and manage key pairs, as well as implement backup and recovery procedures for private keys. A CRL server maintains a list of revoked certificates, a certificate bank issues and manages digital certificates, and an OCSP server is used to check the status of certificates in real-time. None of these options specifically deal with key pair management and backup/recovery.

Question 11

14)Any method of publishing a certificate without a network-access protocol can be classified as ____ sharing.&#10;A) in-line&#10;B) real-time&#10;C) mail-based&#10;D) out-of-band

Accepted Answer

The answer of 14)Any method of publishing a certificate without...

Question 12

9)The technical term &#34;____&#34; refers to communications that occur outside of previously established communications method or channel.&#10;A) real-time&#10;B) in-line&#10;C) in-band&#10;D) out-of-band

Accepted Answer

The answer of 9)The technical term &#34;____&#34; refers to communications...

Question 13

5)Key and certificate life cycle management must be in place to enable public key cryptography to be used correctly.

Accepted Answer

The answer of 5)Key and certificate life cycle management must...

Question 14

16)An X.509 v3 certificate ____ extension is a bit string used to indicate the usage supported by the public key of this certificate.&#10;A) certificate policies&#10;B) key usage&#10;C) private key usage period&#10;D) policy mappings

Accepted Answer

The answer of 16)An X.509 v3 certificate ____ extension is...

Question 15

10)____ is a service that provides the assurance that an entity remains honest about its actions.&#10;A) Nonrepudiation&#10;B) Availability&#10;C) Integrity&#10;D) Confidence

Accepted Answer

The answer of 10)____ is a service that provides the...

Question 16

8)____ authentication means that only a single assurance method is used for authentication.&#10;A) Simple&#10;B) Single-factor&#10;C) Entity&#10;D) Data origin

Accepted Answer

The answer of 8)____ authentication means that only a single...

Question 17

18)The ____ is intended for displaying information to a replying party when a certificate is used.&#10;A) URI qualifier&#10;B) CPS pointer&#10;C) user notice qualifier&#10;D) OID statement

Accepted Answer

The answer of 18)The ____ is intended for displaying information...

Question 18

4)The initial creation of the public and private key pair is usually performed in the certificate authority's system.

Accepted Answer

The answer of 4)The initial creation of the public and...

Question 19

17)____ is a critical extension only applicable for CA certificates. It is composed of two fields called permitted subtrees and excluded subtrees.&#10;A) Name constraints&#10;B) Policy mappings&#10;C) Policy constraints&#10;D) Basic constraints

Accepted Answer

The answer of 17)____ is a critical extension only applicable...

Question 20

19)____ is the process in which the identity of an end entity is established and verified.&#10;A) Registration&#10;B) Keying material generation&#10;C) Certificate creation&#10;D) Certificate distribution

Accepted Answer

The answer of 19)____ is the process in which the...

Question 21

39)Briefly describe the main characteristics of an authority revocation list.

Accepted Answer

The answer of 39)Briefly describe the main characteristics of an...

Question 22

34)What are the four assurance methods? Give examples of each.

Accepted Answer

The answer of 34)What are the four assurance methods? Give...

Question 23

23)____ is a publishing method in which revocation information is updated and posted for entities in the PKI community to obtain.&#10;A) OCSP&#10;B) CPS&#10;C) PKCS&#10;D) CRL

Accepted Answer

The answer of 23)____ is a publishing method in which...

Question 24

27)____________________ is the assurance that an entity is who it claims to be.

Accepted Answer

The answer of 27)____________________ is the assurance that an entity...

Question 25

35)Alice is sending a message to Bob. How can Alice ensure data integrity?

Accepted Answer

The answer of 35)Alice is sending a message to Bob....

Question 26

36)What are some of the common tasks of a registration authority?

Accepted Answer

The answer of 36)What are some of the common tasks...

Question 27

What are the most common approaches to provide PKI client functionalities?

Accepted Answer

The answer of What are the most common approaches to...

Question 28

38)Briefly explain the certificate expiration task of the key and certificate life cycle management cancellation phase.

Accepted Answer

The answer of 38)Briefly explain the certificate expiration task of...

Question 29

26)The PKIX Working Group was established in the fall of 1995 under the standard organization ____.&#10;A) ACM&#10;B) ISO&#10;C) IEEE&#10;D) IETF

Accepted Answer

The answer of 26)The PKIX Working Group was established in...

Question 30

21)The key and certificate life cycle management concludes with the ____ phase.&#10;A) issued&#10;B) registration&#10;C) certification&#10;D) cancellation

Accepted Answer

The answer of 21)The key and certificate life cycle management...

Question 31

41)What are the three most common methods for implementing Delta CRL?

Accepted Answer

The answer of 41)What are the three most common methods...

Question 32

25)A(n) ____ creates an immediate layer of abstraction for storing revocation information in a more flexible way.&#10;A) partitioned CRL&#10;B) complete CRL&#10;C) redirect CRL&#10;D) indirect CRL

Accepted Answer

The answer of 25)A(n) ____ creates an immediate layer of...

Question 33

22)____ is the most common method of certificate revocation.&#10;A) CRL&#10;B) OCSP&#10;C) ODI&#10;D) CPS

Accepted Answer

The answer of 22)____ is the most common method of...

Question 34

29)The _________________________ is the centerpiece and the most critical component of a PKI.

Accepted Answer

The answer of 29)The _________________________ is the centerpiece and the...

Question 35

28)____________________ is the assurance of data privacy and is usually provided by symmetric cryptography using algorithms such as AES and 3DES.

Accepted Answer

The answer of 28)____________________ is the assurance of data privacy...

Question 36

40)What are the steps required to use a CRL DP?

Accepted Answer

The answer of 40)What are the steps required to use...

Question 37

31)____________________ occurs between the time of learning that the certificate should be revoked and the time that the revocation information is actually posted for the relying parties.

Accepted Answer

The answer of 31)____________________ occurs between the time of learning...

Question 38

24)CRL distribution point (CRL DP) is also called ____.&#10;A) complete CRL&#10;B) partitioned CRL&#10;C) ARL CRL&#10;D) indirect CRL

Accepted Answer

The answer of 24)CRL distribution point (CRL DP) is also...

Question 39

30)A(n) ____________________ provides a common trusted source for anyone in the PKI community to retrieve certificates.

Accepted Answer

The answer of 30)A(n) ____________________ provides a common trusted source...

Question 40

33)What are the general requirements a security infrastructure must satisfy?

Accepted Answer

The answer of 33)What are the general requirements a security...

Question 41

Match between columns&#10;                        Premises: a list of certificates that have been revoked and should not be used&#10;a list of certificates that have been revoked and should not be used&#10;a list of certificates that have been revoked and should not be used&#10;a list of certificates that have been revoked and should not be used&#10;a list of certificates that have been revoked and should not be used&#10;a list of certificates that have been revoked and should not be used&#10;a list of certificates that have been revoked and should not be used&#10;a list of certificates that have been revoked and should not be used&#10;a list of certificates that have been revoked and should not be used&#10;a uniform resource identifier (URI) that points to a CPS published by the issuing CA&#10;a uniform resource identifier (URI) that points to a CPS published by the issuing CA&#10;a uniform resource identifier (URI) that points to a CPS published by the issuing CA&#10;a uniform resource identifier (URI) that points to a CPS published by the issuing CA&#10;a uniform resource identifier (URI) that points to a CPS published by the issuing CA&#10;a uniform resource identifier (URI) that points to a CPS published by the issuing CA&#10;a uniform resource identifier (URI) that points to a CPS published by the issuing CA&#10;a uniform resource identifier (URI) that points to a CPS published by the issuing CA&#10;a uniform resource identifier (URI) that points to a CPS published by the issuing CA&#10;provides identification of the specific entity involved&#10;provides identification of the specific entity involved&#10;provides identification of the specific entity involved&#10;provides identification of the specific entity involved&#10;provides identification of the specific entity involved&#10;provides identification of the specific entity involved&#10;provides identification of the specific entity involved&#10;provides identification of the specific entity involved&#10;provides identification of the specific entity involved&#10;the community served by a CA&#10;the community served by a CA&#10;the community served by a CA&#10;the community served by a CA&#10;the community served by a CA&#10;the community served by a CA&#10;the community served by a CA&#10;the community served by a CA&#10;the community served by a CA&#10;a process that reliably and securely stores keying material even though the certificate is expired&#10;a process that reliably and securely stores keying material even though the certificate is expired&#10;a process that reliably and securely stores keying material even though the certificate is expired&#10;a process that reliably and securely stores keying material even though the certificate is expired&#10;a process that reliably and securely stores keying material even though the certificate is expired&#10;a process that reliably and securely stores keying material even though the certificate is expired&#10;a process that reliably and securely stores keying material even though the certificate is expired&#10;a process that reliably and securely stores keying material even though the certificate is expired&#10;a process that reliably and securely stores keying material even though the certificate is expired&#10;the underlying foundation or basic framework for a large environment&#10;the underlying foundation or basic framework for a large environment&#10;the underlying foundation or basic framework for a large environment&#10;the underlying foundation or basic framework for a large environment&#10;the underlying foundation or basic framework for a large environment&#10;the underlying foundation or basic framework for a large environment&#10;the underlying foundation or basic framework for a large environment&#10;the underlying foundation or basic framework for a large environment&#10;the underlying foundation or basic framework for a large environment&#10;the simplest form of CRL&#10;the simplest form of CRL&#10;the simplest form of CRL&#10;the simplest form of CRL&#10;the simplest form of CRL&#10;the simplest form of CRL&#10;the simplest form of CRL&#10;the simplest form of CRL&#10;the simplest form of CRL&#10;publishes certificates so that users can find them&#10;publishes certificates so that users can find them&#10;publishes certificates so that users can find them&#10;publishes certificates so that users can find them&#10;publishes certificates so that users can find them&#10;publishes certificates so that users can find them&#10;publishes certificates so that users can find them&#10;publishes certificates so that users can find them&#10;publishes certificates so that users can find them&#10;provides a consistent way to send and receive secure MIME data in e-mail&#10;provides a consistent way to send and receive secure MIME data in e-mail&#10;provides a consistent way to send and receive secure MIME data in e-mail&#10;provides a consistent way to send and receive secure MIME data in e-mail&#10;provides a consistent way to send and receive secure MIME data in e-mail&#10;provides a consistent way to send and receive secure MIME data in e-mail&#10;provides a consistent way to send and receive secure MIME data in e-mail&#10;provides a consistent way to send and receive secure MIME data in e-mail&#10;provides a consistent way to send and receive secure MIME data in e-mail

Accepted Answer

The Answer of Complete CRL and Infrastructure and CA domain is...

Question 42

42)Explain the main characteristics of indirect CRLs.

Accepted Answer

The answer of 42)Explain the main characteristics of indirect CRLs....

Deck 3: Essential Public Key Infrastructure