Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 4: Advanced Cryptography and PKI

Full screen (f)
exit full mode
Question
A user electronically signs a Certificate Signing Request (CSR)by affixing their public key and then sending it to an intermediate certificate authority.
Use Space or
up arrow
down arrow
to flip the card.
Question
A digital certificate is a technology used to associate a user's identity to a private key.
Question
SSL v3.0 served as the basis for TLS v1.0.
Question
A framework for all of the entities involved in digital certificates for digital certificate management is known as:

A)public key infrastructure
B)network key infrastructure
C)private key infrastructure
D)shared key infrastructure
Question
What type of trust model is used as the basis for most digital certificates used on the Internet?

A)third-party trust
B)related trust
C)managed trust
D)distributed trust
Question
A document that describes in detail how a CA uses and manages certificates,as well as how end users register for a digital certificate,is known as?

A)Certificate practice statement (CPS)
B)Certificate policy (CP)
C)Lifecycle policy (LP)
D)Access policy (AP)
Question
When two individuals trust each other because of the trust that exists between the individuals and a separate entity,what type of trust has been established?

A)web of
B)mutual
C)third-party
D)distributed
Question
What kind of digital certificate is typically used to ensure the authenticity of a web server to a client?

A)private
B)web server
C)public web
D)web client
Question
At what stage can a certificate no longer be used for any type of authentication?

A)creation
B)suspension
C)revocation
D)expiration
Question
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?

A)bridge trust
B)distributed trust
C)third-party trust
D)transitive trust
Question
Digital certificates should last forever.
Question
The process by which keys are managed by a third party,such as a trusted CA,is known as?

A)key escrow
B)key destruction
C)key renewal
D)key management
Question
A certificate repository (CR)is a publicly accessible centralized directory of digital certificates.
Question
Stream ciphers work on multiple characters at a time.
Question
A Subject Alternative Name (SAN)digital certificate,is also known as a Unified Communications Certificate (UCC).
Question
Some CAs issue only entry-level certificates that provide domain-only validation.
Question
Some cryptographic algorithms require that in addition to a key another value can or must be input.
Question
Root digital certificates are should never be self-signed.
Question
Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates:

A)Registration Authority
B)Delegation Authority
C)Certification Authority
D)Participation Authority
Question
What term best represents the resiliency of a cryptographic key to attacks?

A)key bits
B)key resiliency
C)key strength
D)key space
Question
What process will remove all private and public keys along with the user's identification information in the CA?

A)suspension
B)deletion
C)destruction
D)revocation
Question
Which of the following certificates verifies the identity of the entity that has control over the domain name?

A)validation digital certificate
B)root digital certificates
C)domain validation digital certificate
D)web digital certificates
Question
What common method is used to ensure the security and integrity of a root CA?

A)Keep it in an offline state from the network.
B)Only use the root CA infrequently.
C)Password protect the root CA
D)Keep it in an online state and encrypt it.
Question
What allows an application to implement an encryption algorithm for execution?

A)counters
B)crypto service providers
C)initialization vectors
D)crypto modules
Question
What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks,and each block is then encrypted separately?

A)Electronic Code Book
B)Galois/Counter
C)Cipher Block Chaining
D)Counter
Question
What is a value that can be used to ensure that plaintext,when hashed,will not consistently result in the same digest?

A)salt
B)initialization vector
C)counter
D)nonce
Question
What protocol,developed by Netscape in 1994,is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?

A)SSL
B)TLS
C)PEAP
D)EAP
Question
Which of the following is an input value that must be unique within some specified scope,such as for a given period or an entire session?

A)salt
B)initialization vector
C)counter
D)nonce
Question
What cryptographic transport algorithm is considered to be significantly more secure than SSL?

A)AES
B)HTTPS
C)ESSL
D)TLS
Question
Which of the following certificates are self-signed?

A)trusted digital certificates
B)root digital certificates
C)web digital certificates
D)user digital certificate
Question
What length SSL and TLS keys are generally considered to be strong?

A)128
B)1024
C)2048
D)4096
Question
Which of the following is an enhanced type of domain digital certificate?

A)Primary Validation
B)Extended Validation
C)Authorized Validation
D)Trusted Validation
Question
Select the secure alternative to the telnet protocol:

A)HTTPS
B)TLS
C)IPsec
D)SSH
Question
Why is IPsec considered to be a transparent security protocol?

A)IPsec packets can be viewed by anyone.
B)IPsec is designed to not require modifications of programs,or additional training,or additional client setup.
C)IPsec's design and packet header contents are open sourced technologies.
D)IPsec uses the Transparent Encryption (TE)algorithm.
Question
The Authentication Header (AH)protocol is a part of what encryption protocol suite below?

A)TLS 3.0
B)IPSec
C)GPG
D)SSL
Question
Which of the following is a valid way to check the status of a certificate? (Choose all that apply. )

A)Online Certificate Status Protocol
B)Certificate Revocation Authority
C)Certificate Revocation List
D)Revocation List Protocol
Question
What process links several certificates together to establish trust between all the certificates involved?

A)certificate pairing
B)certificate linking
C)certificate joining
D)certificate chaining
Question
What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission?

A)Electronic Code Book
B)Galois/Counter
C)Cipher Block Chaining
D)Counter
Question
What is used to create session keys?

A)master secret
B)crypto modules
C)validation
D)domain validation
Question
What protocol below supports two encryption modes: transport and tunnel?

A)HTTPS
B)IPSec
C)SSL
D)TLS
Question
Explain how digital certificates are managed.
Question
What protocol uses SSL or TLS to secure communications between a browser and a web server?
Question
List the three PKI trust models that use a CA.
Question
What are the three areas of protection provided by IPSEC?
Question
What is the S/MIME protocol used for?
Question
What is a cryptographic key?
Question
Explain how Cipher Block Chaining (CBC)operates.
Question
What is a cipher suite?
Question
List the four stages of a certificate life cycle.
Question
What role does a key recovery agent fulfill in an enterprise environment?
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/50
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 4: Advanced Cryptography and PKI
1
A user electronically signs a Certificate Signing Request (CSR)by affixing their public key and then sending it to an intermediate certificate authority.
True
2
A digital certificate is a technology used to associate a user's identity to a private key.
False
3
SSL v3.0 served as the basis for TLS v1.0.
True
4
A framework for all of the entities involved in digital certificates for digital certificate management is known as:

A)public key infrastructure
B)network key infrastructure
C)private key infrastructure
D)shared key infrastructure
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
5
What type of trust model is used as the basis for most digital certificates used on the Internet?

A)third-party trust
B)related trust
C)managed trust
D)distributed trust
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
6
A document that describes in detail how a CA uses and manages certificates,as well as how end users register for a digital certificate,is known as?

A)Certificate practice statement (CPS)
B)Certificate policy (CP)
C)Lifecycle policy (LP)
D)Access policy (AP)
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
7
When two individuals trust each other because of the trust that exists between the individuals and a separate entity,what type of trust has been established?

A)web of
B)mutual
C)third-party
D)distributed
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
8
What kind of digital certificate is typically used to ensure the authenticity of a web server to a client?

A)private
B)web server
C)public web
D)web client
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
9
At what stage can a certificate no longer be used for any type of authentication?

A)creation
B)suspension
C)revocation
D)expiration
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
10
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?

A)bridge trust
B)distributed trust
C)third-party trust
D)transitive trust
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
11
Digital certificates should last forever.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
12
The process by which keys are managed by a third party,such as a trusted CA,is known as?

A)key escrow
B)key destruction
C)key renewal
D)key management
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
13
A certificate repository (CR)is a publicly accessible centralized directory of digital certificates.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
14
Stream ciphers work on multiple characters at a time.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
15
A Subject Alternative Name (SAN)digital certificate,is also known as a Unified Communications Certificate (UCC).
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
16
Some CAs issue only entry-level certificates that provide domain-only validation.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
17
Some cryptographic algorithms require that in addition to a key another value can or must be input.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
18
Root digital certificates are should never be self-signed.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
19
Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates:

A)Registration Authority
B)Delegation Authority
C)Certification Authority
D)Participation Authority
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
20
What term best represents the resiliency of a cryptographic key to attacks?

A)key bits
B)key resiliency
C)key strength
D)key space
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
21
What process will remove all private and public keys along with the user's identification information in the CA?

A)suspension
B)deletion
C)destruction
D)revocation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
22
Which of the following certificates verifies the identity of the entity that has control over the domain name?

A)validation digital certificate
B)root digital certificates
C)domain validation digital certificate
D)web digital certificates
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
23
What common method is used to ensure the security and integrity of a root CA?

A)Keep it in an offline state from the network.
B)Only use the root CA infrequently.
C)Password protect the root CA
D)Keep it in an online state and encrypt it.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
24
What allows an application to implement an encryption algorithm for execution?

A)counters
B)crypto service providers
C)initialization vectors
D)crypto modules
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
25
What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks,and each block is then encrypted separately?

A)Electronic Code Book
B)Galois/Counter
C)Cipher Block Chaining
D)Counter
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
26
What is a value that can be used to ensure that plaintext,when hashed,will not consistently result in the same digest?

A)salt
B)initialization vector
C)counter
D)nonce
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
27
What protocol,developed by Netscape in 1994,is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?

A)SSL
B)TLS
C)PEAP
D)EAP
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
28
Which of the following is an input value that must be unique within some specified scope,such as for a given period or an entire session?

A)salt
B)initialization vector
C)counter
D)nonce
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
29
What cryptographic transport algorithm is considered to be significantly more secure than SSL?

A)AES
B)HTTPS
C)ESSL
D)TLS
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
30
Which of the following certificates are self-signed?

A)trusted digital certificates
B)root digital certificates
C)web digital certificates
D)user digital certificate
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
31
What length SSL and TLS keys are generally considered to be strong?

A)128
B)1024
C)2048
D)4096
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
32
Which of the following is an enhanced type of domain digital certificate?

A)Primary Validation
B)Extended Validation
C)Authorized Validation
D)Trusted Validation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
33
Select the secure alternative to the telnet protocol:

A)HTTPS
B)TLS
C)IPsec
D)SSH
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
34
Why is IPsec considered to be a transparent security protocol?

A)IPsec packets can be viewed by anyone.
B)IPsec is designed to not require modifications of programs,or additional training,or additional client setup.
C)IPsec's design and packet header contents are open sourced technologies.
D)IPsec uses the Transparent Encryption (TE)algorithm.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
35
The Authentication Header (AH)protocol is a part of what encryption protocol suite below?

A)TLS 3.0
B)IPSec
C)GPG
D)SSL
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
36
Which of the following is a valid way to check the status of a certificate? (Choose all that apply. )

A)Online Certificate Status Protocol
B)Certificate Revocation Authority
C)Certificate Revocation List
D)Revocation List Protocol
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
37
What process links several certificates together to establish trust between all the certificates involved?

A)certificate pairing
B)certificate linking
C)certificate joining
D)certificate chaining
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
38
What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission?

A)Electronic Code Book
B)Galois/Counter
C)Cipher Block Chaining
D)Counter
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
39
What is used to create session keys?

A)master secret
B)crypto modules
C)validation
D)domain validation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
40
What protocol below supports two encryption modes: transport and tunnel?

A)HTTPS
B)IPSec
C)SSL
D)TLS
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
41
Explain how digital certificates are managed.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
42
What protocol uses SSL or TLS to secure communications between a browser and a web server?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
43
List the three PKI trust models that use a CA.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
44
What are the three areas of protection provided by IPSEC?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
45
What is the S/MIME protocol used for?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
46
What is a cryptographic key?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
47
Explain how Cipher Block Chaining (CBC)operates.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
48
What is a cipher suite?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
49
List the four stages of a certificate life cycle.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
50
What role does a key recovery agent fulfill in an enterprise environment?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree