Exam 3: Essential Public Key Infrastructure

Any method of publishing a certificate without a network-access protocol can be classified as ____ sharing.

A(n) ____________________ provides a common trusted source for anyone in the PKI community to retrieve certificates.

An X.509 v3 certificate ____ extension is a bit string used to indicate the usage supported by the public key of this certificate.

The foundation of PKI was established approximately 30 years ago with the invention of private key cryptography.

Briefly explain the certificate expiration task of the key and certificate life cycle management cancellation phase.

____ is the process in which the identity of an end entity is established and verified.

CRL distribution point (CRL DP) is also called ____.

The initial creation of the public and private key pair is usually performed in the certificate authority's system.

____________________ occurs between the time of learning that the certificate should be revoked and the time that the revocation information is actually posted for the relying parties.

____________________ is the assurance of data privacy and is usually provided by symmetric cryptography using algorithms such as AES and 3DES.

Explain the main characteristics of indirect CRLs.

____ is a service that provides the assurance that an entity remains honest about its actions.

What are some of the common tasks of a registration authority?

The technical term "____" refers to communications that occur outside of previously established communications method or channel.

____ is the most common method of certificate revocation.

The core services provided by PKI are ____ , integrity and confidentiality.

A(n) ____ creates an immediate layer of abstraction for storing revocation information in a more flexible way.

What are the most common approaches to provide PKI client functionalities?

The most common method of entity authentication is a prompting for a user ID and password.