Deck 3: Essential Public Key Infrastructure

Question
12) If a CA creates a certificate that is signed by its own private key, it is commonly known as a(n) ____.

A) intermediate CA
B) self-signed CA
C) mid-level CA
D) domain CA
Question
1) The foundation of PKI was established approximately 30 years ago with the invention of private key cryptography.
Question
7) The core services provided by PKI are ____, integrity and confidentiality.

A) authentication
B) authorization
C) availability
D) nonrepudiation
Question
2) The most common method of entity authentication is prompting for a user ID and password.
Question
13) A CA certificate signed by another CA's private key is referred to as a(n) ____.

A) self-signed CA
B) root CA
C) intermediate CA
D) top-level CA
Question
20) The ____ phase ensures that the private key and public key certificates created are used correctly and efficiently in the PKI community.

A) registration
B) issued
C) initialization
D) cancellation
Question
6) A digital signature provides not only data origin authentication but also data ____.

A) availability
B) entity confidentiality
C) integrity
D) confidentiality
Question
3) The fundamental premise of public key cryptography is to provide secure communication between strangers.
Question
11) ____ is the certification of a document as authentic and true by a public official known as a "notary public."

A) Trusted source
B) Nonrepudiation
C) Authentication
D) Notarization
Question
15) A(n) ____ creates key pairs and also implements backup and recovery of private keys.

A) CRL server
B) certificate bank
C) key management server
D) OCSP server
Question
14) Any method of publishing a certificate without a network-access protocol can be classified as ____ sharing.

A) in-line
B) real-time
C) mail-based
D) out-of-band
Question
9) The technical term "____" refers to communications that occur outside of a previously established communication method or channel.

A) real-time
B) in-line
C) in-band
D) out-of-band
Question
5) Key and certificate life cycle management must be in place to enable public key cryptography to be used correctly.
Question
16) An X.509 v3 certificate ____ extension is a bit string used to indicate the usage supported by the public key of this certificate.

A) certificate policies
B) key usage
C) private key usage period
D) policy mappings
Question
10) ____ is a service that provides the assurance that an entity remains honest about its actions.

A) Nonrepudiation
B) Availability
C) Integrity
D) Confidence
Question
8) ____ authentication means that only a single assurance method is used for authentication.

A) Simple
B) Single-factor
C) Entity
D) Data origin
Question
18) The ____ is intended for displaying information to a relying party when a certificate is used.

A) URI qualifier
B) CPS pointer
C) user notice qualifier
D) OID statement
Question
4) The initial creation of the public and private key pair is usually performed in the certificate authority's system.
Question
17) ____ is a critical extension only applicable for CA certificates. It is composed of two fields called permitted subtrees and excluded subtrees.

A) Name constraints
B) Policy mappings
C) Policy constraints
D) Basic constraints
Question
19) ____ is the process in which the identity of an end entity is established and verified.

A) Registration
B) Keying material generation
C) Certificate creation
D) Certificate distribution
Question
39) Briefly describe the main characteristics of an authority revocation list.
Question
34) What are the four assurance methods? Give examples of each.
Question
23) ____ is a publishing method in which revocation information is updated and posted for entities in the PKI community to obtain.

A) OCSP
B) CPS
C) PKCS
D) CRL
Question
27) ____________________ is the assurance that an entity is who it claims to be.
Question
35) Alice is sending a message to Bob. How can Alice ensure data integrity?
Question
36) What are some of the common tasks of a registration authority?
Question
What are the most common approaches to provide PKI client functionalities?
Question
38) Briefly explain the certificate expiration task of the key and certificate life cycle management cancellation phase.
Question
26) The PKIX Working Group was established in the fall of 1995 under the standards organization ____.

A) ACM
B) ISO
C) IEEE
D) IETF
Question
21) The key and certificate life cycle management concludes with the ____ phase.

A) issued
B) registration
C) certification
D) cancellation
Question
41) What are the three most common methods for implementing Delta CRL?
Question
25) A(n) ____ creates an immediate layer of abstraction for storing revocation information in a more flexible way.

A) partitioned CRL
B) complete CRL
C) redirect CRL
D) indirect CRL
Question
22) ____ is the most common method of certificate revocation.

A) CRL
B) OCSP
C) ODI
D) CPS
Question
29) The _________________________ is the centerpiece and the most critical component of a PKI.
Question
28) ____________________ is the assurance of data privacy and is usually provided by symmetric cryptography using algorithms such as AES and 3DES.
Question
40) What are the steps required to use a CRL DP?
Question
31) ____________________ occurs between the time of learning that the certificate should be revoked and the time that the revocation information is actually posted for the relying parties.
Question
24) CRL distribution point (CRL DP) is also called ____.

A) complete CRL
B) partitioned CRL
C) ARL CRL
D) indirect CRL
Question
30) A(n) ____________________ provides a common trusted source for anyone in the PKI community to retrieve certificates.
Question
33) What are the general requirements a security infrastructure must satisfy?
Question
Match between columns
Descriptions:
a list of certificates that have been revoked and should not be used
a uniform resource identifier (URI) that points to a CPS published by the issuing CA
provides identification of the specific entity involved
the community served by a CA
a process that reliably and securely stores keying material even though the certificate is expired
the underlying foundation or basic framework for a large environment
the simplest form of CRL
publishes certificates so that users can find them
provides a consistent way to send and receive secure MIME data in e-mail

Terms:
Complete CRL
Infrastructure
CA domain
Entity authentication
S/MIME
Certificate repository
CPS pointer
Key history
CRL
Question
42) Explain the main characteristics of indirect CRLs.
1
12) If a CA creates a certificate that is signed by its own private key, it is commonly known as a(n) ____.

A) intermediate CA
B) self-signed CA
C) mid-level CA
D) domain CA
B
2
1) The foundation of PKI was established approximately 30 years ago with the invention of private key cryptography.
False
3
7) The core services provided by PKI are ____, integrity and confidentiality.

A) authentication
B) authorization
C) availability
D) nonrepudiation
A