Created by Angela Lipford, almost 7 years ago
| Question | Answer |
|---|---|
| Which X.509 cert cannot contain private keys and uses Base64 format for encoding? | .P7B - MS OS and Java Tomcat support .P7B |
| -----BEGIN CERTIFICATE----- / -----END CERTIFICATE----- | PEM format is the most commonly used certificate format; cert and private key in separate files |
| Alternate to .CRT (Microsoft) | .CER (UNIX and Unix-like) |
| First step in obtaining a certificate | Certificate Signing Request (CSR) |
| Benefit of Online Certificate Status Protocol (OCSP) | It checks validity at the server level |
| Secures many domains | Subject Alternative Name |
| Key escrow | Stores keys for future use |
| Primary advantage of the Certificate Authority (CA) | If the CA is compromised, only certificates issued by that CA and its children are compromised |
| Certificate chaining | To trust a certificate, the entity must trust each and every other certificate in the chain |
| Purpose of a salt? | To remove the effectiveness of rainbow tables - precomputed hash values that are pre-matched to plaintext passwords |
| Data in use is unencrypted when? | Data goes from at rest to in use |
| Disadvantage of very strong key lengths | Take more time to generate |
| Primary hurdle in securing low-power devices via cryptographic means? | Cryptography is power- and CPU-intensive |
| Finding plaintext messages that produce the hash value of a message is what type of attack? | Collision |
| First successful algorithm for public key encryption, considered highly secure if keys are sufficiently long? | Rivest-Shamir-Adleman (RSA) |
| Diffie-Hellman (DH) is | A technique for secure key exchange; DHE - DH variant using ephemeral keys; Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) - DH variant using elliptic curves and ephemeral keys |
| Higher-numbered DH groups have? | More secure keys and require more processing overhead; at group 19 elliptic curve starts |
| Exclusive ORing (XORing) is used to | Obfuscate malicious code |
| What password salting mechanism does Blowfish use? | Bcrypt |
| Rotate by 13 places (ROT13) is mostly used for? | Teaching cryptographic concepts |
| Digital Signature Algorithm (DSA) is used to | Provide digital signatures for messages - authentication and integrity |
| PBKDF2 is used for | Key stretching |
| Which cipher mode applies XORing to the first plaintext block? | Cipher Block Chaining |
| How does Electronic Code Book (ECB) cipher mode encrypt blocks? | With the same key |
| Counter Mode (CTM) | Encryption mode of operation where a counter value is used in place of an initialization vector (IV) |
| Galois/Counter Mode (GCM) | Encryption mode of operation that adds authentication to the standard encryption services of a cipher mode |
| Which hash function was developed by the open academic community? | RACE Integrity Primitives Evaluation Message Digest (RIPEMD); not particularly secure |
| Which hashing algorithm is characterized by a 128-bit message digest but is considered weak and has since become a deprecated algorithm? | MD5 |
| Captive portals? | Webpage displayed to newly connected users before granting access to resources; usually seen in public Wi-Fi |
| What replaced TKIP to make WPA2 more secure? | Counter-Mode/CBC-MAC Protocol (CCMP) |
| Port security protocol | 802.1X |
| What replaced Lightweight Extensible Authentication Protocol (LEAP)? | EAP-FAST |
| Which authentication mechanism requires certificates? | EAP-TLS (client side) |
| Which authentication mechanisms do not require certificates? | EAP-TTLS; LEAP; EAP-FAST |
| Protected Extensible Authentication Protocol (PEAP) is not technically an Extensible Authentication Protocol (EAP) method. What exactly is it? | It is a Secure Sockets Layer/Transport Layer Security (SSL/TLS) encapsulated EAP. |
| Why is using WPA and TKIP a poor choice for secure wireless access points? | TKIP packets can be encrypted |
| Pre-shared key (PSK) is a part of what authentication method? | WPA2-Personal |
| Wireless client authentication method for a corporate wireless network? | WPA2-Enterprise |
| Wildcard certificates secure | Multiple subdomains |
| Subject Alternative Names secure | Multiple domains |
| A certificate signing request (CSR) is used to create a certificate. What is the third-party service that receives it and issues the corresponding certificate? | The certificate authority (CA) |
| To fully prove ownership of a domain, you need to have? | Extended validation certificate |
| Certificate pinning? | Minimizes man-in-the-middle attacks; associates the certificate with the web server |
| Weak validation of domain ownership? | Domain validation certificate - only proves a claim of ownership through a variety of methods, such as by emailing the contact in the domain's Whois records |
| What component makes website data secure for users? | The certificate |
| What must a system administrator initially do to set up a root certificate? | Self-sign the certificate |
| What is the best method for securing communications from users to server systems? | User certs secure communications from user to servers |
| Computer certificates protect? | Secure communications between server systems |
| What certificate format is often used interchangeably with .P12? | .PFX |
| Which certificate format uses only the Distinguished Encoding Rules format? | .DER |
| What do we call subordinate certificates that increase security because they are not created from the root certificate? | Intermediate certificates |
| An American company wants to sell its apps to users in the European Union. What must a developer do to validate their apps as legitimate to those users? | Use a code signing certificate |