Deck 6: Public Key Infrastructure

A)Key recovery
B)Key escrow
C)Key archiving system
D)Private key protection

A)It's a means of establishing the validity of an offer from a person,entity,web site or e-mail.
B)It's a centralized directory wherein registered keys are created and stored.
C)It's a means of establishing your credentials electronically when doing business or other transactions on the Web
D)It's an entity that generates electronic credentials and distributes them upon proving their identity sufficiently.

A)Version number,subject,public key,issuer,serial number,validity,certificate usage,signature algorithm,and extensions
B)Key encipherment,data encipherment,CRL sign,keycert sign,and nonrepudiation
C)End-entity,CA,cross-certification,and policy certification
D)CA identity,individual or party identification,company,and destination

A)The agreed upon,trusted third party
B)A scenario where one user needs to validate the other's certificate
C)A construct of systems,personnel,applications,protocols,technologies and policies that work together to provide a certain level of protection
D)A scenario in which the certificate's issuer and subject fields hold the same information

A)Cryptographic hardware is required for PKI construction.
B)The server that centrally stores the keys should not be available.
C)The private key must be computer generated and centrally stored.
D)Private keys must remain private.

A)Explore private key protection
B)Know certificate authorizations
C)Calculate a message digest for the certificate
D)Check out different types of public key infrastructures

A)Key recovery
B)Key escrow
C)Key archiving system
D)Private key protection

A)Centralized infrastructure
B)Decentralized infrastructure
C)Hybrid infrastructure
D)Peer-to-peer infrastructure

A)An entity that requires proof of identity from the individual requesting a certificate
B)An entity that generates a digitally signed identification certificate
C)A centralized directory in which the registered certificate is stored
D)An entity that generates electronic credentials

A)The CA is implemented,maintained,and controlled by the company that implemented it.
B)The CA is already established and being used by many individuals and companies.
C)The CA provides more flexibility for companies.
D)It provides dedicated services,and possibly equipment,to an individual company.

A)To eliminate certificate authorities
B)To provide identification to individuals and ensure availability
C)To provide a higher level of trust than can be obtained through other applications and protocols
D)To enable a centralized directory in which to store the registered certificate and distribute private keys to users requesting them

A)A CA that is already established and being used by many individuals and companies
B)A certificate authority that is maintained and controlled by the company that implemented it
C)A CA that provides dedicated services,and possibly equipment,to an individual company
D)A CA that provides more flexibility for companies

A)Two-factor authentication
B)Binary recovery
C)Dual control
D)Dual recovery

A)Make copies of the private key and keep it in several locations for redundancy.
B)The lifetime of the key should correspond with how often it is used and the sensitivity of the data it is protecting.
C)The key should be changed at the end of its lifetime and not used past its allowed lifetime.
D)The key should be properly destroyed at the end of its lifetime.

A)An entity that requires proof of identity from the individual requesting a certificate
B)An entity that generates a digitally signed identification certificate
C)A centralized directory in which the registered certificate is stored
D)An entity that generates electronic credentials

A)A structure that enables parties to use communications such as e-mail
B)A structure that provides all of the components needed for entities to communicate securely and in a predictable manner
C)A structure that enables secure communications in chat rooms,and when instant messaging and text messaging
D)Is another name for digital signatures

A)The key pairs and certificates do not have a set lifetime in centralized infrastructures.
B)The location where the cryptographic key is generated and stored is different.
C)The network administrator sets up the distribution points in centralized infrastructures.
D)In a decentralized infrastructure,the certificate may have an extended lifetime.

A)A directory that calculates a message digest for the certificate
B)An entity that generates electronic credentials
C)A directory that requires a centralized infrastructure
D)A centralized directory in which the registered certificate is stored

A)The key should be stored securely.
B)The key should be shared only with others you trust.
C)Authentication should be required before the key can be used.
D)The key should be transported securely.

A)All keys are compromised.
B)Changed affiliation.
C)An extended vacation.
D)The certificate is no longer needed,but no reason exists to suspect that it has been compromised.

A)Subordinate CAs and end users would be unaffected.
B)Subordinate CAs would also be compromised,but users would be unaffected.
C)Subordinate CAs and end users would be affected.
D)Only the root CA would be affected.

A)You can be sure of the certificate's validity indefinitely.
B)You can be sure of the certificate's validity until the expiration date.
C)You cannot be sure of the certificate's validity and must check the CRL each time before use.
D)You cannot be sure of the certificate's validity and must check the RA each time before use.

A)Outsourced services can be used by hundreds of companies.
B)Outsourced services provide dedicated services and equipment to individual companies.
C)Outsourced services do not maintain specific servers and infrastructures for individual companies.
D)Outsourced services are different in name only.They are essentially the same thing.

A)Hybrid
B)Star
C)Peer-to-peer
D)Hierarchical