Created by Angela Lipford
more than 7 years ago
| Question | Answer |
| --- | --- |
| Which X.509 cert cannot contain private keys and uses Base 64 format for encoding? | .P7B - MS OS and JAVA Tomcat Supports .P7B |
| ....BEGIN CERTIFICATE; END CERTIFICATE | PEM format is the most commonly used certificate; cert and private key in separate files |
| Alternate to .CRT (Microsoft) | CER (UNIX and Unix-like) |
| First Step in obtaining a certificate | Certificate Signing Request (CSR) |
| Benefit of Online Certificate Status Protocol (OCSP) | It checks validity at the server level |
| Secures many domains | Subject Alternative Name |
| Key Escrow | Stores keys for future use |
| Primary Advantage of the Certificate Authority (CA) | If the CA is compromised, only certificates issued by that CA and its children are compromised |
| Certificate Chaining | To trust a certificate, the entity must trust each and every other certificate in the chain |
| Purpose of a salt? | To remove effectiveness of rainbow table - precomputed hash values that are pre-matched to plaintext password |
| Data in use is unencrypted when? | Data goes from at rest to in use |
| Disadvantage to very strong key lengths | Take more time to generate |
| Primary hurdle in securing low-power devices via cryptographic means? | Cryptography is power- and CPU-intensive |
| Finding plaintext messages that produce hash values of a message is what type of attack | Collusion |
| First successful algorithm for public key encryption, considered to be highly secure if sufficiently long keys are used? | Rivest-Shamir-Adleman (RSA) |
| Diffie-Hellman (DH) is | A technique for secure key exchange; DHE - DH variant using ephemeral keys; Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) - DH variant using elliptic curve and ephemeral keys |
| Higher number DH groups have? | More secure keys and require more processing overhead; Once at group 19 elliptic curve starts |
| Exclusive oring (XORing) is used to | Obfuscate malicious code |
| What password salting mechanism does Blowfish use? | Bcrypt |
| Rotate by 13 places (ROT13) mostly used for? | Teaching cryptographic concepts |
| Digital Signature Algorithm (DSA) is used to | provide digital secures for messages - authentication and integrity |
| PBKDF2 is used for | key stretching |
| What cipher mode applies XORing techniques to the first plaintext block? | Cipher Block Chaining |
| How does Electronic Code Book cipher encrypt blocks | With the same key |
| Counter Mode (CTM) | encryption mode of operation where a counter value is used in place of an initialization vector (IV) |
| Galois/Counter Mode (GCM) | encryption mode of operation that adds authentication to the standard encryption services of a cipher mode. |
| Which hash function was developed by the open academic community? | RACE Integrity Primitives Evaluation Message Digest (RIPEMD); not particularly secure |
| Which hashing algorithm is characterized by a 128-bit message digest but is considered to be weak and has since become a deprecated algorithm? | MD5 |
| Captive Portals? | Webpage that is displayed to newly connected users before granting access to resources; usually seen in public Wi-Fi |
| What replaced TKIP to make WPA2 more secure? | Counter-Mode/CBC-MAC Protocol (CCMP) |
| Port security protocol | 802.1X |
| What replaced Lightweight Extensible Authentication Protocol (LEAP)? | EAP-FAST |
| Which authentication mechanism requires certificates? | EAP-TLS (client side) |
| Which authentication mechanism does not require certificates? | EAP-TTLS; LEAP; EAP-FAST |
| Protected Extensible Authentication Protocol (PEAP) is not technically an Extensible Authentication Protocol (EAP) method. What exactly is it? | It is a Secure Sockets Layer/Transport Layer Security (SSL/TLS) encapsulated EAP. |
| Why is using WPA and TKIP a poor choice for secure wireless access points? | TKIP packets can be encrypted |
| Pre-shared key (PSK) is a part of what authentication method | WPA2-Personal |
| Wireless client authentication method for corporate wireless network? | WPA2-Enterprise |
| Wildcard certificates secure | multiple subdomains |
| Subject Alternative Names secure | multiple domains |
| A certificate signing request (CSR) is used to create a certificate. What is the third party service used to receive the corresponding certificate | The certificate authority (CA) |
| To fully prove ownership of a domain, you need to have? | Extended validation certificate |
| Certificate Pinning? | minimizes man-in-the-middle attacks; associates the certificate with the web server |
| Weak validation of domain ownership? | Domain validation certificate - only proves a claim of ownership through a variety of methods, such as by emailing the contact in the domain's Whois records. |
| What component makes website data secure for users | The certificate |
| What must a system administrator initially do to set up a root certificate? | Self-sign the certificate |
| What is the best method for securing communications for users to server systems? | User certs secure communications from user to servers |
| Computer certificates protect? | Secure communications between server systems |
| What certificate format is often used interchangeably with .P12 | .PFX |
| Which certificate uses only the distinguished encoding rules format? | .DER |
| What do we call subordinate certificates that increase security because they are not created from the root certificate? | Intermediate certificates |
| An American company wants to sell its apps to users in the European Union. What must a developer do to validate their apps as legitimate to those users? | Use a code signing certificate |