Security Plus Chapter 13

Front 1

What is a certificate?

Back 1

An electronic file that stores public (and some times the private keys) and binds the public key to its entity (owner).

Front 2

1. The recipient's public key is used to?
   
2. The recipient's private key is used to?

Back 2

1. Encrypt data or a message.
   
2. Decrypt the data or message.

Front 3

What are the two function of private keys?

Back 3

1. To decrypt received message or data
2. To sign the senders message for non-repudiation
   

Front 4

What nine values are contained in the digital certificate?

Back 4

1. Public Key: of owner
2. Algorithm: asymmetric algorithm used
3. Serial number: unique ID
   
4. Subject: name of owner
5. Issuer: name of issuer (root CA)
   
6. Valid from: start date
7. Valid from: End date
8. Thumbprint algorithm: algorithm of hash
9. Thumbprint: hash value
   

Front 5

Who signs the Certificate?

Back 5

The Certificate Authority that issued it.

Front 6

What are the two types of Certificate Authorities

Back 6

1. Public CA
2. Private CA
   

Front 7

Once a Subordinate CA is created for each location what should happen to the Root CA.

Back 7

The Root CA should be powered off so that is not compromised.

Front 8

A PKI is made up of what?

Back 8

A Root CA and Subordinate CAs.

Front 9

Registration Authority is responsible for?

Back 9

Accepting certificate requests from clients and then validating the entity requesting the certificate.

Front 10

What does the Repository (LDAP-compliant directory) store?

Back 10

1. Certificates
2. Public Keys
   

Front 11

What are the five stages of the Certificate Life Cycle?

Back 11

1. Request
2. Certificate
3. Renewal
4. Suspension and Revocation
5. Destruction
   

Front 12

What is the CRL?

Back 12

Certificate Revocation List (CRL) that is checked by applications to verify that right of use.

Front 13

What is the OSCP?

Back 13

Online Certificate Status Protocol (OSCP) that uses HTTP to communicate with the CA and check status of certificate.

Front 14

Explain the Recovery Agent?

Back 14

The Recovery Agent is an individual or group that the can decrypt information when necessary

Front 15

How do PKIs deal with key recovery/

Back 15

1. Using Key Archiving
   
2. Key recover policy
3. M of N control minimum number of employees out of the possible number of employees.
   

Front 16

A key Escrow is?

Back 16

The process of handing cryptography key over to a third party.

Front 17

Trust Certificates (Cross Certificates) are used in place of what?

Back 17

Keys so that keys do not have to be created between businesses.

Front 18

What is the Trust Path?

Back 18

When a CA that issued a certificate to a subordinate CA (the root CA) is validated.

Front 19

What are the five steps SSL enabled web sites clients take to connect to the web site?

Back 19

1. Send request to port 443
2. Server sends the public key to client
3. The Client validates the key
4. The Client creates a symmetric (session key) which encrypts the web page content and the symmetric key is encrypted with the public key
5. The web server decrypts the symmetric key which is used to encrypt client/ server traffic

Front 20

How do Digital Signatures Work?

Back 20

1. A message digest (hash value) is created
2. The message digest is encrypted by sender's private key and sent
3. The sender's public key is used to decrypt the message
4. The receiver creates a new message digest which is validated by sender message digest.
   

Front 21

Name three issues that have to be handled when creating PKIs?

Back 21

1. Renewal
2. Issuing CA identifying trusted users
3. Subject Name names mismatched
   

Front 22

Registration Authority involves three things?

Back 22

1. Policy for requesting certificates
2. Outline you can request certificates
3. Type of validation on the request