24 Cards in this Set

  • Front
  • Back

The ___________________ is the PKI component that accepts requests for a digital certificate and performs the necessary steps of registering and authenticating the person requesting the certificate.

Registration authority

Requiring two individuals to recover a lost key together is called _______________, which simply means that two people have to be present to carry out a specific task.

Dual controls

The _________________ is a method of determining whether a certificate has been revoked that does not require local machine storage of CRLs.

Online Certificate Status Protocol

The ________________ is the trusted authority that certifies individuals' identities and creates electronic documents indicating that individuals are who they say they are.

Certificate Authority

Allowing a third party to possess a copy of a private key so that they can decrypt and read sensitive information if the need arises is:

Key escrow

A(n) ________________ is a holding place for individuals' certificates and public keys that are participating in a particular PKI environment.

Certificate Recovery

A(n) ________________ is used when independent CAs establish peer-to-peer trust relationships.

Cross-certification certificate

A(n) ________________ is a structure that provides all of the necessary components for different types of users and entities to be able to communicate securely and in a predictable manner.

Public key infrastructure

_______________ is the mechanism that allows keys to be retrieved in the event of a user losing access.

Key recovery

In a(n) _______________, one CA is not subordinate to another CA, and there is no established trust anchor between the CAs involved.

Peer-to-peer trust model

Within a PKI environment, where does the majority of the trust actually lie?

All users and devices within an environment trust the CA, which allows them to indirectly trust each other.

Once an individual validates another individual's certificate, what is the use of the public key that is extracted from this digital certificate?

The user can now encrypt session keys and messages with this public key and can validate the sender's digital signatures.

How can users have faith that the CRL was not modified to present incorrect information?

The CRL is digitally signed by the CA.

Which of the following properly describes what a public key infrastructure (PKI) actually is?

A framework that does not specify any technologies, but provides a foundation for confidentiality, integrity, and availability services

Why would a company implement a key archiving and recovery system within the organization?

To make sure all data encryption keys are available for the company if and when it needs them

Which of the following certificate characteristics was expanded upon with version 3 of the X.509 standard?

Extensions

Which of the following properly explains the m of n control?

This is a control in key recovery to enforce separation of duties.

What is a certification practices statement (CPS), and what is its purpose?

A CPS outlines the steps a CA goes through to validate identities and generate certificates. Companies should review this document to ensure that the CA follows the necessary steps the company requires and provides the necessary level of protection.

What steps does a user's software take to validate a CA's digital signature on a digital certificate?

The user's software creates a message digest for the digital certificate and decrypts the encrypted message digest included within the digital certificate. If the decryption performs properly and the message digest values are the same, the certificate is validated.

Why would a digital certificate be added to a certificate revocation list (CRL)?

If the private key had become compromised

What is a bridge CA, and what is its function?

It is a CA that handles the cross-certification certificates for two or more CAs in a peer-to-peer relationship.

If an extension is marked as critical, what does this indicate?

If the end-entity is not programmed to understand and process this extension, the certificate and corresponding keys cannot be used.

What is the purpose of a digital certificate?

It binds an individual to a public key.

What is the first step a user takes to obtain a digital certificate?

The user submits a certificate request to the RA.