Exam 23: Internet Authentication Applications

One of the earliest and most widely used services is _________.

________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, reducing the number of authentications needed by the user.

_______ systems are automated methods of verifying or recognizing identity on the basis of some physiological or behavioral characteristic.

The authentication server shares a unique secret key with each server.

The _______ consists of two dates: the first and last on which the certificate is valid.

CMP, defined in RFC 2510, is designed to be a flexible protocol ableto accommodate a variety of technical, operational, and business models.

The certification _________ is the issuer of certificates and certificate revocation lists.

Kerberos is designed to counter only one specific threat to the securityof a client/server dialogue.

The focus of _________ is defining an identity for each user, associating attributes with the identity, and enforcing a means by which a user can verify identity.

An obvious security risk is that of impersonation.

The ticket-granting ticket is encrypted with a secret key known only tothe AS and the TGS.

A software utility initially developed at MIT and available both in the public domain and in commercially supported versions, ________ is the defacto standard for remote authentication.

_______ is a minimal set of conventions for invoking code using XML over HTTP that enables applications to request services from one another with XML-based requests and receive responses as data formatted with XML.

Because serial numbers are unique within a CA, the serial number issufficient to identify the certificate.

In a generic identity management architecture _______ are entities that obtain and employ data maintained and provided by identity and attribute providers, often to support authorization decisions and to collect audit information.

Kerberos does not support interrealm authentication.

The ticket-granting ticket is not reusable.

The principal objective for developing a PKI is to enable secure,convenient, and efficient acquisition of private keys.

A _______ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities.

_______ is important as part of the directory service that it supports and is also a basic building block used in other standards.