205 Cards in this Set
The user’s _____ key is combined with the resulting certificate after the certificate server constructs and populates a _____ certificate.
|
public / digital
|
|
A certificate _____ can be used to hold individuals’ certificates and public keys that participate in a particular PKI environment.
|
repository
|
|
The subject field within a digital certificate specifies its _____.
|
owner
|
|
The _____ number field contains a unique number that identifies the specific certificate issued by a particular CA.
|
serial
|
|
The _____ _____ field within a digital certificate indicates the certificate format and the fields that can be used in it.
|
version number
|
|
In the _____ process, the registration authority (RA) assumes that the individual has successfully completed one registration round.
|
renewal
|
|
The status of a certificate that has been temporarily put on hold is referred to as _____.
|
suspended
|
|
_____-_____ are used when independent CAs establish peer-to-peer trust relationships.
|
Cross-certificates
|
|
A trusted authority that certifies individuals’ identities and creates digital certificates is called a _____ authority.
|
certificate
|
|
The ______ certificate extension contains the key used to verify a digital signature.
|
DigitalSignature
|
|
The _____ certificate extension contains the key used to verify CA signatures on certificates.
|
KeyCertSign
|
|
The public key field in a digital certificate identifies the algorithm used to create the _____/_____ key pair.
|
private/public
|
|
One valid reason to revoke a certificate is when a user’s private key has been _____.
|
compromised
|
|
The _____ process takes place when the validity of a certificate needs to be terminated before the actual expiration date.
|
revocation
|
|
_____-_____ certificates are issued by a CA to a specific subject.
|
End-entity
|
|
Key _____ refers to a process of giving keys to a third party so that they can decrypt and read sensitive information when the need arises.
|
escrow
|
|
_____ occurs when a certificate has fulfilled its lifetime and its end validity date has been met.
|
Renewal
|
|
One CA is not subordinate to another CA in a _____-___-______ model.
|
peer-to-peer
|
|
The root CA creates a self-signed certificate for itself in the _____ trust model.
|
hierarchical
|
|
_____ __ _____ refers to the act of verifying that an individual has the corresponding private key for a given public key.
|
Proof of possession
|
|
The _____ _____ is responsible for accepting digital certificate requests, and registering and authenticating the person making the request.
|
registration authority (RA)
|
|
Every CA should have a _____ _____ _____ that outlines how identities are verified and the steps the CA follows to generate, maintain, and transmit certificates.
|
certification practices statement (CPS)
|
|
Repositories are usually LDAP-compliant, which means they can be accessed and searched via the _____ _____ _____ _____ ( ____ ).
|
Lightweight Directory Access Protocol (LDAP)
|
|
_____-_____ certificates are issued by a CA to a specific subject.
|
End-entity
|
|
A key pair can be generated locally by an application and stored in a local key ______ on the user’s workstation.
|
store
|
|
A _____ CA is implemented in the hybrid trust model to issue cross-certificates for all connected CAs and trust domains.
|
bridge
|
|
A class ___ certificate may be used by a company to set up its own certificate authority.
|
3
|
|
The _____ _____ certificate may be used by a company to set up its own certificate authority.
|
serial number
|
|
A CA certificate may be self-signed, or it may be issued by a _____ CA within a hierarchical model.
|
superior
|
|
_____ certificate extensions allow companies to define different, specific uses for digital certificates to suit their business needs.
|
Private
|
|
The structure that provides the necessary components for users and entities to be able to communicate in a secure, predictable manner is called _____ _____ _____ ( ___ ).
|
Public Key Infrastructure
|
|
The electronic document issued by a CA that establishes an association between the individual’s identity and a public key is called a _____ _____.
|
digital certificate
|
|
Every CA should have a certification practices statement that outlines how identities are verified, and how certificates are _____ and _____.
|
generated and transmitted
|
|
The actual service that issues certificates based on the data provided during the initial registration process is the _____ _____.
|
certificate server
|
|
The component that accepts a request for a digital certificate, and registers and authenticates the person requesting it, is called the _____ _____.
|
registration authority
|
|
A local registration authority performs the same functions as the RA, but is closer to the end users. This component is usually implemented in companies that have their own internal _____ _____ _____ ( ___ ) and have distributed sites.
|
Public Key Infrastructure (PKI)
|
|
A centralized directory, which can be accessed by a subset of individuals, is called a _____.
|
repository
|
|
Digital certificates are created based on the _____ standard, which outlines the necessary fields of a certificate and the possible values that can be entered.
|
X.509
|
|
_____ certification is used when CAs establish a peer-to-peer trust relationship.
|
Cross
|
|
The act of verifying that an individual has the corresponding private key for a given public key is referred to as _____ __ _____.
|
proof of possession
|
|
A list that contains serial numbers of certificates that have been revoked is called a certificate _____ list.
|
revocation
|
|
The actual frequency with which a CRL is updated depends upon the _____ _____ ( __ ) and its certification practices statement.
|
certification authority (CA)
|
|
The request and response protocol that obtains the serial number of the validated certificate and reviews revocation lists for the client is called the _____ _____ _____ Protocol.
|
Online Certificate Status
|
|
In a _____ infrastructure, software on individual computers generates and stores cryptographic keys local to the systems.
|
decentralized
|
|
Requiring two individuals to recover a lost key together is called _____ ______.
|
dual control
|
|
A company that specializes in verifying individuals’ identities, and creating and maintaining their certificates is called a _____ CA.
|
Public
|
|
A _____ policy allows a company to decide what certification classes are acceptable and how they will be used within the organization.
|
certificate
|
|
A _____ domain is a construct of systems, personnel, applications, protocols, and policies that work together to provide a certain level of protection.
|
trust
|
|
In a _____ trust model, a bridge CA is responsible for issuing cross-certificates for all connected CAs and trust domains.
|
hybrid
|
|
In a _____ trust model, since no other entity can certify and generate certificates for the root CA, it creates a self-signed certificate.
|
hierarchical
|
|
_____ authority is responsible for the management activities designated by the certificate authority.
|
Registration
|
|
A set of rules that help determine the applicability of a certificate to an end-entity is known as a _____.
|
policy
|
|
The method used by a CA to issue certificates is called the _____ _____ _____.
|
certification practices statement
|
|
The _____ Certificate is used to grant permissions using rule-based, role-based, and rank-based access controls.
|
Attribute
|
|
X.509 is the portion of the X.500 standard that addresses the _____ of certificates used for authentication.
|
structure
|
|
A certificate used to encapsulate the information needed to authenticate an entity.
|
?
|
|
The _____ _____ _____ ( ___ ) handshake protocol allows the server and the client to negotiate a session encryption algorithm and cryptographic keys before data is exchanged.
|
Transport Layer Security (TLS)
|
|
An example of the ISAKMP is the _____ _____ _____ ( ___ ) protocol.
|
Internet Key Exchange (IKE)
|
|
The relationship where two or more entities define how they will communicate securely is called a _____ association.
|
security
|
|
The ____ ____ ____ ____ ( ____ ) defines services to manage PKI operations within the XML environment.
|
XML Key Management Specification (XKMS)
|
|
Tier ___ of XKMS provides a means of retrieving key information by embedding references to the key within the XML signature.
|
0
|
|
Tier 2 is called the _____ service.
|
validate
|
|
The XKMS specification mentions tier ___ as the assertion service.
|
3
|
|
The _____ _____ _____ ( ___ ) defines a standard syntax for transmitting cryptographic information about contents of a protected message.
|
Cryptographic Message Syntax (CMS)
|
|
The _____ _____ _____ ( ___ ) for S/MIME is part of the current IETF S/MIME v3 set of specifications.
|
Enhanced Security Services (ESS)
|
|
Digital signatures that use the SignedData syntax of CMS provide _____.
|
nonrepudiation
|
|
PGP uses a _____ encryption algorithm to encrypt the message to be sent.
|
symmetric
|
|
HTTPS uses the standard port _____ for TCP/IP communications.
|
443
|
|
IPSec includes a protocol called _____ _____ that provides authentication of the sender.
|
Authentication Header (AH)
|
|
In the PKIX model, the _____ _____ ( __ ) is responsible for issuing, storing, and revoking certificates.
|
certificate authority (CA)
|
|
The _____ Certificates are used to implement a PMI.
|
Attribute
|
|
The _____ _____ _____ ( ___ ) Record Protocol provides connection security by using supported encryption methods, such as the Data Encryption Standard (DES).
|
Transport Layer Security (TLS)
|
|
The two parts of TLS are TLS _____ Protocol and TLS _____ Protocol.
|
Record / Handshake
|
|
_____ is a MIME extension that provides a way to send and receive signed and encrypted MIME data.
|
S/MIME
|
|
CMS describes the _____ syntax to provide confidentiality of the message's content through encryption.
|
EnvelopedData
|
|
_____ _____ _____ ( ___ ) uses the SignedData syntax to provide integrity, authentication, and nonrepudiation.
|
Cryptographic Message Syntax (CMS)
|
|
_____ uses both asymmetric and symmetric methods of encryption.
|
Pretty Good Privacy (PGP)
|
|
In public key encryption, the private key should be kept _____.
|
confidential
|
|
In _____, otherwise known as public key encryption, the user creates a pair of keys.
|
asymmetric
|
|
The method of encryption that uses only one key is known as _____ encryption.
|
symmetric
|
|
The XML signature contains an element called _____ that indicates ways to resolve the key.
|
RetrievalMethod
|
|
The two public key _____ that PGP uses are Rivest-Shamir-Adleman (RSA) and Diffie-Hellman.
|
algorithms
|
|
The RSA version of PGP uses the _____ _____ _____ _____ ( ____ ) algorithm to generate a short symmetric key to encrypt the message.
|
International Data Encryption Algorithm (IDEA)
|
|
The Diffie-Hellman version of PGP uses the _____ _____ ___ _____ _____ ( ____ ) algorithm to encrypt a message.
|
Carlisle Adams and Stafford Tavares (CAST)
|
|
The faster method of encryption is _____ encryption.
|
symmetric
|
|
_____ ______ ______ _____ ( _____ ) uses the open standard SSL to encrypt data at the application layer.
|
Hypertext Transfer Protocol Secure (HTTPS)
|
|
_____ _____ _____ ( _____ ) provides payload compression before encryption using IPcomp.
|
Internet Protocol Security (IPsec)
|
|
IPSec provides authentication and confidentiality for both the data and the header using _____ mode.
|
tunnel
|
|
Class 2 of _____ is called server authentication.
|
WTLS
|
|
Before the advent of _____, a boot floppy was used to load the operating system.
|
CD-ROMs
|
|
The process of making a complete copy of a hard drive on some other media is called _____ imaging.
|
drive
|
|
Penetration through a firewall is an example of a _____ access attack.
|
logical
|
|
Unplugging computers is an example of a Denial-of-Service attack by _____ means.
|
physical
|
|
A CD-ROM is a _____ device.
|
boot
|
|
Flash memory with a USB interface in a device is known as a USB drive _____.
|
key
|
|
Storing critical information only on a server improves the _____ security of a computer.
|
physical
|
|
A user is the _____ link in a security chain.
|
weakest
|
|
The simplest yet important security task, such as locking a workstation when unattended, is performed by a _____.
|
user
|
|
Multiple-factor authentication is the _____ form of authentication.
|
best
|
|
False negatives and false positives should be minimized in a system that uses _____ authentication.
|
biometric
|
|
_____ controls refer to physical barriers.
|
Access
|
|
The process in which users prove their _____ is called authentication.
|
identity
|
|
A radio frequency card is a _____ access token.
|
physical
|
|
The method of authentication that uses physical characteristics of a person is known as _____.
|
biometrics
|
|
Face geometry is used in _____ systems.
|
biometric
|
|
A biometric system denying access to an authorized individual is an example of a _____ _____.
|
false negative
|
|
A biometric system granting access to an unauthorized individual is an example of a _____ _____.
|
false positive
|
|
The simplest solution to combat the threat of bootdisks is to _____/_____ floppy drives when not required.
|
remove/disable
|
|
A password is a category of ____.
|
authentication
|
|
All network security measures are negated if _____ security is breached.
|
physical
|
|
A removable medium from which a computer can be booted into an operating system is called a _____.
|
bootdisk
|
|
Drive _____ enables the user to create a bit-by-bit copy of the hard drive.
|
imaging
|
|
Hackers can exploit the _____ feature of CD-ROMs.
|
autorun
|
|
Setting a password on the _____ delays an attacker from resetting the boot sequence to boot from a device other than the hard drive.
|
Basic Input/Output System (BIOS)
|
|
In _____ security, the weakest link is the user.
|
physical
|
|
CCTV stands for _____ _____ _____.
|
Closed Circuit Television
|
|
The concept of making users pass through multiple levels of security to reach critical assets is called _____ access.
|
layered
|
|
A _____ network should be used for CCTVs that are IP based.
|
separate
|
|
The process of allowing or denying access to a physical space is called _____.
|
authentication
|
|
The traditional form of physical access authentication is an access _____.
|
token
|
|
A card that contains an integrated circuit is known as a _____ card.
|
smart
|
|
The risk of theft of the token can be offset by using _____ authentication.
|
multifactor
|
|
The most common biological factor in biometrics is the _____.
|
fingerprint
|
|
When biological factors are used for authentication, the computer takes the image of the factor and converts it into a _____ value.
|
numeric
|
|
The combination of two or more types of authentication is known as _____ authentication.
|
multifactor
|
|
An example of _____ _____ is a hand scanner denying access to an authorized individual with a ring on a finger.
|
false negative
|
|
Written guidelines for employees are known as _____ ___ _____.
|
policies and procedures
|
|
In the client/server model, the client computer is called a _____.
|
workstation
|
|
Disabling all application programs not in use does not increase workstation _____.
|
security
|
|
_____ host applications and data for other computers to share.
|
Servers
|
|
Removing the patches from the OS does not improve server _____.
|
security
|
|
In a star configuration, the center of the star is the _____.
|
hub
|
|
Switches have separate _____ domains for each port.
|
collision
|
|
Though earlier switches operated at the data-link layer of the OSI model, new switches operate at the _____ layer.
|
Network
|
|
Cisco defines a _____ _____ _____ _____ ( ____ ) as a “broadcast domain within a switched network.”
|
Virtual Local Area Network (VLAN)
|
|
_____ is a protocol often used to administer a switch.
|
Simple Network Management Protocol (SNMP)
|
|
_____ are network traffic management devices used to connect different network segments.
|
Routers
|
|
For security purposes, a _____ server is placed in the DMZ.
|
Remote Access Server (RAS)
|
|
VPNs commonly use the _____ protocol to provide security.
|
Internet Protocol Security (IPSec)
|
|
_____ cable is used to connect televisions to VCRs.
|
Coaxial
|
|
The method of connecting equipment that uses the same technology as the phone industry for the movement of electrical signals is _____ _____ cable.
|
twisted pair
|
|
_____ beams are used to connect devices over a thin glass wire.
|
Laser
|
|
The _____ belongs to the radio frequency portion of the electromagnetic spectrum.
|
microwave
|
|
__-_ / ___ uses a laser beam to read data stored on a physical device.
|
CD-R/DVD
|
|
An _____ is the extension of a selected portion of a company's intranet to external partners.
|
extranet
|
|
The two most common modes of _____ transfer are transfer of an infected file from one machine to another and email.
|
virus
|
|
A card with a connector port for a particular type of network connection is called a _____ _____ _____ ( ___ ).
|
Network Interface Card (NIC)
|
|
A series of rules governing whether a packet is allowed or blocked from a connection is called an _____ _____ list.
|
access control
|
|
The point of entry from a wireless device to a wired network is a device called a _____.
|
Wireless Access Point (WAP)
|
|
_____ is short for modulator/demodulator.
|
Modem
|
|
Private branch exchanges are an _____ of the public telephone network into a business.
|
extension
|
|
Systems designed to detect, log, and respond to unauthorized network or host use are called _____.
|
Intrusion Detection System (IDS)
|
|
The host-based IDS works by collecting information from all the _____ on the network.
|
servers
|
|
The standard method for connecting twisted-pair cables is via an 8-pin connector called an _____ connector.
|
RJ-45
|
|
A device that can obtain network information is called a _____.
|
sniffer
|
|
A technique called _____-_____ involves a laptop and software to find wireless networks from outside the premises.
|
war-driving
|
|
A switch plays a similar role on the _____ that a router plays on the Internet.
|
intranet
|
|
Hard drives, floppy drives, and magnetic tapes are examples of magnetic _____ media.
|
storage
|
|
Iomega improved on the storage capacity of the standard floppy by introducing the _____ disk.
|
Zip
|
|
A buffer zone between the Internet and the inner, secure network, where an organization has security policies, is called _____.
|
Demilitarized Zone (DMZ)
|
|
HTTP-based services available over the Internet are collectively called the _____.
|
World Wide Web (WWW)
|
|
A network that is similar to the Internet but lies completely inside the trusted area of a network is called the _____.
|
intranet
|
|
The process of spanning a single VLAN across multiple switches is known as _____.
|
trunking
|
|
Addresses that are not routed across the Internet are called _____-_____.
|
non-routable
|
|
The method of packaging packets so that they can traverse a network in a secure, confidential manner is called _____.
|
tunneling
|
|
_____ is not a step in the establishment of proper privileges.
|
Identification
|
|
Matching user-supplied credentials to the ones previously stored on a host machine is known as _____.
|
authentication
|
|
_____ is the process of collecting billing and other detail records.
|
Accounting
|
|
_____ uses an account number and a password.
|
Authentication
|
|
The process of ascribing a computer ID to a specific user, computer, or network device is called ______.
|
identification
|
|
Biometrics is a form of _____.
|
authentication
|
|
_____ is the standard terminal-emulation protocol within the TCP/IP protocol series.
|
Telnet
|
|
The transport layer protocol in the _____ protocol does not provide accounting.
|
Secure Shell (SSH)
|
|
_____ is the process of encapsulation of one packet within another.
|
Tunneling
|
|
_____-__-_____ _____ _____ ( ____ ) is a tunneling protocol.
|
Point-to-Point Tunneling Protocol (PPTP)
|
|
Routers can be enabled to concentrate VPN traffic over higher bandwidth lines in the _____ _ _____ _____ ( ____ ) protocol.
|
Layer 2 Tunneling Protocol (L2TP)
|
|
_____ protection refers to the protection of the data portion of a packet.
|
Content
|
|
_____ protection refers to the protection of the header information.
|
Context
|
|
_____ _____ _____ ( ___ ) is used by IPSec to provide traffic security.
|
Encapsulating Security Payload (ESP)
|
|
The IEEE _____ standard is a protocol that supports communications between a user and an authorization device, such as an edge router.
|
802.1x
|
|
_____ _____ _____ __ _____ _____ ( ______ ) utilizes UDP as its transport protocol.
|
Remote Authentication Dial In User Service (RADIUS)
|
|
_____ _____ _____ _____-_____ _____ _____ ( _______ ) uses TCP as its transport protocol.
|
Terminal Access Controller Access-Control System Plus (TACACS+)
|
|
On receiving a _____ message, the TACACS+ server sends a reply message.
|
START
|
|
The TACACS+ record _____ indicates that a particular task is still being performed.
|
UPDATE
|
|
The algorithm _____ _____ _____ _____ ( ____ ) is used by IPSec for encrypting data.
|
International Data Encryption Algorithm (IDEA)
|
|
Telnet connects using TCP port _____.
|
23
|
|
The SSH protocol is designed to eliminate all ______ associated with telnet, r-commands, and other means of remote access.
|
insecurities
|
|
In the SSH protocol, the connection protocol provides _____ of the encrypted tunnel into several logical channels.
|
multiplexing
|
|
Most PPTP implementations involve three _____: the PPTP client, the network access server and a PPTP server.
|
computers
|
|
Although PPTP allows the use of any PPP authentication scheme, _____ is used to provide an appropriate level of security.
|
Challenge-Handshake Authentication Protocol (CHAP)
|
|
The IEEE 802.11 protocol series covers the use of _____ communications media in networks.
|
microwave
|
|
The IEEE _____ is the protocol series for a wireless MAN.
|
802.16
|
|
A _____ network consists of a wireless access point connected to a network, and a wireless network interface card on a client machine.
|
wireless
|
|
The primary issue when _____ acts as an IPSec server is that of CPU usage.
|
Windows
|
|
In the IPSec tunnel mode, the tunnel end points are referred to as _____ even though they might be routers or appliances.
|
servers
|
|
The encapsulated method of passing EAP messages over 802 frames is called _____ _____ _____ _____ _____ _____ _____ ( _____ ).
|
Extensible Authentication Protocol over Local Area Network (EAPOL)
|
|
The _____ _____ _____ __ _____ _____ ( ______ ) application layer handles connection type issues, such as timeouts.
|
Remote Authentication Dial In User Service (RADIUS)
|
|
In the RADIUS protocol, the authentication and authorization steps are performed together in response to a single _____-_____ message.
|
Access-Request
|
|
The RADIUS _____ function is performed independently of RADIUS authentication and authorization.
|
accounting
|
|
In the TACACS+ authentication process, the _____ message describes the type of authentication being requested.
|
START
|
|
The client response to a REPLY message requesting additional data is a _____ message.
|
CONTINUE
|
|
In the TACACS+ authorization process, a default state of _____ user exists before a user is authenticated.
|
unknown
|
|
In TACACS+, accounting is defined as the process of _____ what a user or a process has done.
|
recording
|
|
SSH opens a secure transport between machines by using an SSH _____ on each end.
|
daemon
|
|
L2TP is established via User Datagram Protocol (UDP) port _____.
|
1701
|