A certificate repository (CR) is a publicly accessible centralized directory of digital certificates.
A digital certificate is a technology used to associate a user's identity with a private key.
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as what?
Certificate Practice Statement (CPS)
Access Policy (AP)
Lifecycle Policy (LP)
Certificate Policy (CP)
A framework for all of the entities involved in digital certificates for digital certificate management is known as:
private key infrastructure
network key infrastructure
public key infrastructure
shared key infrastructure
A Subject Alternative Name (SAN) digital certificate is also known as a Unified Communications Certificate (UCC).
At what stage can a certificate no longer be used for any type of authentication?
expiration
creation
suspension
revocation
A user electronically signs a Certificate Signing Request (CSR) by affixing their public key and then sending it to an intermediate certificate authority.
Digital certificates should last forever.
Root digital certificates should never be self-signed.
Select the secure alternative to the telnet protocol:
HTTPS
IPsec
TLS
SSH
Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates:
Registration Authority
Participation Authority
Certification Authority
Delegation Authority
Some CAs issue only entry-level certificates that provide domain-only validation.
Some cryptographic algorithms require that in addition to a key another value can or must be input.
SSL v3.0 served as the basis for TLS v1.0.
Stream ciphers work on multiple characters at a time.
The Authentication Header (AH) protocol is a part of what encryption protocol suite below?
IPsec
SSL
TLS 3.0
GPG
The process by which keys are managed by a third party, such as a trusted CA, is known as what?
key escrow
key renewal
key destruction
key management
What allows an application to implement an encryption algorithm for execution?
counters
initialization vectors
crypto modules
crypto service providers
What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission?
Counter
Galois/Counter
Electronic Code Book
Cipher Block Chaining
What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks, and each block is then encrypted separately?
What common method is used to ensure the security and integrity of a root CA?
Keep it in an offline state from the network
Keep it in an online state and encrypt it
Password protect the root CA
Only use the root CA infrequently
What cryptographic transport algorithm is considered to be significantly more secure than SSL?
AES
ESSL
What is a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest?
counter
nonce
initialization vector
salt
What is used to create session keys?
master secret
validation
domain validation
What kind of digital certificate is typically used to ensure the authenticity of a web server to a client?
public web
web server
web client
private
What length SSL and TLS keys are generally considered to be strong?
128
1024
2048
4096
What process links several certificates together to establish trust between all the certificates involved?
certificate joining
certificate linking
certificate pairing
certificate chaining
What process will remove all private and public keys along with the user's identification information in the CA?
destruction
deletion
What protocol below supports two encryption modes: transport and tunnel?
What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?
EAP
PEAP
SSL v3.0 is considered more secure than TLS v1.2.
What term best represents the resiliency of a cryptographic key to attacks?
key bits
key resiliency
key strength
key space
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?
transitive trust
distributed trust
third-party trust
bridge trust
What type of trust model is used as the basis for most digital certificates used on the Internet?
related trust
managed trust
When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established?
third-party
distributed
web of
mutual
Which of the following certificates are self-signed?
root digital certificates
trusted digital certificates
web digital certificates
user digital certificates
Which of the following certificates verifies the identity of the entity that has control over the domain name?
validation digital certificate
domain validation digital certificate
Which of the following is an enhanced type of domain digital certificate?
Trusted Validation
Extended Validation
Primary Validation
Authorized Validation
Which of the following is an input value that must be unique within some specified scope, such as for a given period or an entire session?
Which of the following is a valid way to check the status of a certificate? (Choose all that apply.)
Online Certificate Status Protocol
Certificate Revocation List
Certificate Revocation Authority
Revocation List Protocol
Why is IPsec considered to be a transparent security protocol?
IPsec's design and packet header contents are open source technologies
IPsec uses the Transparent Encryption (TE) algorithm
IPsec is designed to not require modifications of programs, additional training, or additional client setup
IPsec packets can be viewed by anyone