Question 1

A user electronically signs a Certificate Signing Request (CSR)by affixing their public key and then sending it to an intermediate certificate authority.

Accepted Answer

This is the correct process of signing a CSR. The user signs the CSR with their private key, and attaches their public key to the request before sending it to the intermediate certificate authority for approval.

Question 2

A digital certificate is a technology used to associate a user's identity to a private key.

Accepted Answer

False

Question 3

SSL v3.0 served as the basis for TLS v1.0.

Accepted Answer

TLS v1.0 was designed as an upgraded version of SSL v3.0, and thus bases much of its functionalities and design on SSL v3.0.

Question 4

A framework for all of the entities involved in digital certificates for digital certificate management is known as:&#10;A)public key infrastructure&#10;B)network key infrastructure&#10;C)private key infrastructure&#10;D)shared key infrastructure

Accepted Answer

Public key infrastructure (PKI) is the framework that involves all the entities involved in digital certificates for digital certificate management. It is a system of digital certificates, certificate authorities, and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction. PKI ensures security and privacy by enabling the use of public and private keys for encryption and decryption.

Question 5

What type of trust model is used as the basis for most digital certificates used on the Internet?&#10;A)third-party trust&#10;B)related trust&#10;C)managed trust&#10;D)distributed trust

Accepted Answer

The answer of What type of trust model is used...

Question 6

A document that describes in detail how a CA uses and manages certificates,as well as how end users register for a digital certificate,is known as?&#10;A)Certificate practice statement (CPS)&#10;B)Certificate policy (CP)&#10;C)Lifecycle policy (LP)&#10;D)Access policy (AP)

Accepted Answer

A Certificate Practice Statement (CPS) is a detailed document that outlines the policies, procedures, and practices of a Certificate Authority (CA) when issuing and managing digital certificates. The CPS provides information on how the CA verifies the identity of certificate applicants, how it ensures the security of private keys, and how it manages certificate revocation. It also outlines the responsibilities of the end users when registering for a digital certificate.

Question 7

When two individuals trust each other because of the trust that exists between the individuals and a separate entity,what type of trust has been established?&#10;A)web of&#10;B)mutual&#10;C)third-party&#10;D)distributed

Accepted Answer

This scenario describes third-party trust, where two individuals trust each other based on a trust relationship that exists with a separate entity (the third party).

Question 8

What kind of digital certificate is typically used to ensure the authenticity of a web server to a client?&#10;A)private&#10;B)web server&#10;C)public web&#10;D)web client

Accepted Answer

A web server certificate is specifically designed to authenticate the identity of a web server to a client. This ensures that the client is communicating with the intended server and not an imposter. Public web certificates are used to authenticate the identity of a website to a user, while private and web client certificates serve different purposes.

Question 9

At what stage can a certificate no longer be used for any type of authentication?&#10;A)creation&#10;B)suspension&#10;C)revocation&#10;D)expiration

Accepted Answer

The answer of At what stage can a certificate no...

Question 10

What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?&#10;A)bridge trust&#10;B)distributed trust&#10;C)third-party trust&#10;D)transitive trust

Accepted Answer

A bridge trust model involves a single CA that acts as a facilitator, connecting all other CAs to enable them to trust each other. This model allows for the interconnection and interoperability among diverse CAs.

Question 11

Digital certificates should last forever.

Accepted Answer

The answer of Digital certificates should last forever....

Question 12

The process by which keys are managed by a third party,such as a trusted CA,is known as?&#10;A)key escrow&#10;B)key destruction&#10;C)key renewal&#10;D)key management

Accepted Answer

The answer of The process by which keys are managed...

Question 13

A certificate repository (CR)is a publicly accessible centralized directory of digital certificates.

Accepted Answer

The answer of A certificate repository (CR)is a publicly accessible...

Question 14

Stream ciphers work on multiple characters at a time.

Accepted Answer

The answer of Stream ciphers work on multiple characters at...

Question 15

A Subject Alternative Name (SAN)digital certificate,is also known as a Unified Communications Certificate (UCC).

Accepted Answer

The answer of A Subject Alternative Name (SAN)digital certificate,is also...

Question 16

Some CAs issue only entry-level certificates that provide domain-only validation.

Accepted Answer

The answer of Some CAs issue only entry-level certificates that...

Question 17

Some cryptographic algorithms require that in addition to a key another value can or must be input.

Accepted Answer

The answer of Some cryptographic algorithms require that in addition...

Question 18

Root digital certificates are should never be self-signed.

Accepted Answer

The answer of Root digital certificates are should never be...

Question 19

Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates:&#10;A)Registration Authority&#10;B)Delegation Authority&#10;C)Certification Authority&#10;D)Participation Authority

Accepted Answer

The answer of Select the term that is used to...

Question 20

What term best represents the resiliency of a cryptographic key to attacks?&#10;A)key bits&#10;B)key resiliency&#10;C)key strength&#10;D)key space

Accepted Answer

The answer of What term best represents the resiliency of...

Question 21

What process will remove all private and public keys along with the user's identification information in the CA?&#10;A)suspension&#10;B)deletion&#10;C)destruction&#10;D)revocation

Accepted Answer

The answer of What process will remove all private and...

Question 22

Which of the following certificates verifies the identity of the entity that has control over the domain name?&#10;A)validation digital certificate&#10;B)root digital certificates&#10;C)domain validation digital certificate&#10;D)web digital certificates

Accepted Answer

The answer of Which of the following certificates verifies the...

Question 23

What common method is used to ensure the security and integrity of a root CA?&#10;A)Keep it in an offline state from the network.&#10;B)Only use the root CA infrequently.&#10;C)Password protect the root CA&#10;D)Keep it in an online state and encrypt it.

Accepted Answer

The answer of What common method is used to ensure...

Question 24

What allows an application to implement an encryption algorithm for execution?&#10;A)counters&#10;B)crypto service providers&#10;C)initialization vectors&#10;D)crypto modules

Accepted Answer

The answer of What allows an application to implement an...

Question 25

What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks,and each block is then encrypted separately?&#10;A)Electronic Code Book&#10;B)Galois/Counter&#10;C)Cipher Block Chaining&#10;D)Counter

Accepted Answer

The answer of What block cipher mode of operation uses...

Question 26

What is a value that can be used to ensure that plaintext,when hashed,will not consistently result in the same digest?&#10;A)salt&#10;B)initialization vector&#10;C)counter&#10;D)nonce

Accepted Answer

The answer of What is a value that can be...

Question 27

What protocol,developed by Netscape in 1994,is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?&#10;A)SSL&#10;B)TLS&#10;C)PEAP&#10;D)EAP

Accepted Answer

The answer of What protocol,developed by Netscape in 1994,is designed...

Question 28

Which of the following is an input value that must be unique within some specified scope,such as for a given period or an entire session?&#10;A)salt&#10;B)initialization vector&#10;C)counter&#10;D)nonce

Accepted Answer

The answer of Which of the following is an input...

Question 29

What cryptographic transport algorithm is considered to be significantly more secure than SSL?&#10;A)AES&#10;B)HTTPS&#10;C)ESSL&#10;D)TLS

Accepted Answer

The answer of What cryptographic transport algorithm is considered to...

Question 30

Which of the following certificates are self-signed?&#10;A)trusted digital certificates&#10;B)root digital certificates&#10;C)web digital certificates&#10;D)user digital certificate

Accepted Answer

The answer of Which of the following certificates are self-signed?&#10;A)trusted...

Question 31

What length SSL and TLS keys are generally considered to be strong?&#10;A)128&#10;B)1024&#10;C)2048&#10;D)4096

Accepted Answer

The answer of What length SSL and TLS keys are...

Question 32

Which of the following is an enhanced type of domain digital certificate?&#10;A)Primary Validation&#10;B)Extended Validation&#10;C)Authorized Validation&#10;D)Trusted Validation

Accepted Answer

The answer of Which of the following is an enhanced...

Question 33

Select the secure alternative to the telnet protocol:&#10;A)HTTPS&#10;B)TLS&#10;C)IPsec&#10;D)SSH

Accepted Answer

The answer of Select the secure alternative to the telnet...

Question 34

Why is IPsec considered to be a transparent security protocol?&#10;A)IPsec packets can be viewed by anyone.&#10;B)IPsec is designed to not require modifications of programs,or additional training,or additional client setup.&#10;C)IPsec's design and packet header contents are open sourced technologies.&#10;D)IPsec uses the Transparent Encryption (TE)algorithm.

Accepted Answer

The answer of Why is IPsec considered to be a...

Question 35

The Authentication Header (AH)protocol is a part of what encryption protocol suite below?&#10;A)TLS 3.0&#10;B)IPSec&#10;C)GPG&#10;D)SSL

Accepted Answer

The answer of The Authentication Header (AH)protocol is a part...

Question 36

Which of the following is a valid way to check the status of a certificate? (Choose all that apply. )&#10;A)Online Certificate Status Protocol&#10;B)Certificate Revocation Authority&#10;C)Certificate Revocation List&#10;D)Revocation List Protocol

Accepted Answer

The answer of Which of the following is a valid...

Question 37

What process links several certificates together to establish trust between all the certificates involved?&#10;A)certificate pairing&#10;B)certificate linking&#10;C)certificate joining&#10;D)certificate chaining

Accepted Answer

The answer of What process links several certificates together to...

Question 38

What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission?

A)Electronic Code Book
B)Galois/Counter
C)Cipher Block Chaining
D)Counter

Accepted Answer

The answer of What block cipher mode of operation encrypts...

Question 39

What is used to create session keys?&#10;A)master secret&#10;B)crypto modules&#10;C)validation&#10;D)domain validation

Accepted Answer

The answer of What is used to create session keys?&#10;A)master...

Question 40

What protocol below supports two encryption modes: transport and tunnel?&#10;A)HTTPS&#10;B)IPSec&#10;C)SSL&#10;D)TLS

Accepted Answer

The answer of What protocol below supports two encryption modes:...

Question 41

Explain how digital certificates are managed.

Accepted Answer

The answer of Explain how digital certificates are managed....

Question 42

What protocol uses SSL or TLS to secure communications between a browser and a web server?

Accepted Answer

The answer of What protocol uses SSL or TLS to...

Question 43

List the three PKI trust models that use a CA.

Accepted Answer

The answer of List the three PKI trust models that...

Question 44

What are the three areas of protection provided by IPSEC?

Accepted Answer

The answer of What are the three areas of protection...

Question 45

What is the S/MIME protocol used for?

Accepted Answer

The answer of What is the S/MIME protocol used for?...

Question 46

What is a cryptographic key?

Accepted Answer

The answer of What is a cryptographic key?...

Question 47

Explain how Cipher Block Chaining (CBC)operates.

Accepted Answer

The answer of Explain how Cipher Block Chaining (CBC)operates....

Question 48

What is a cipher suite?

Accepted Answer

The answer of What is a cipher suite?...

Question 49

List the four stages of a certificate life cycle.

Accepted Answer

The answer of List the four stages of a certificate...

Question 50

What role does a key recovery agent fulfill in an enterprise environment?

Accepted Answer

The answer of What role does a key recovery agent...

Deck 4: Advanced Cryptography and PKI