$1.$ True or False. SSL and TLS two different names for the exact same, interchangeable technology. Since they are the same thing, if a system uses SSL it can also use TLS and vice versa.

a$.$ True

b$.$ False

$2.$ Asymmetric encryption takes a bit of work to set up$.$ That is$,$ first both parties need to agree on which algorithm to use, one or both parties need to generate a set of public$/$private keys, and then the key exchange needs to occur. When asymmetric was first implemented each user had to perform these steps manually. With modern encryption systems the steps in this process can be performed automatically. What is the name of the technology or technologies that have automated this setup?

a$.$ TLS

b$.$ RSA

c$.$ AES

d$.$ OpenSSL e$.$ SHA$-256$ f$.$ HMAC

g$.$ EC$-$DH

$3.$ While asymmetric encryption solved the key exchange problem faced by symmetric encryption, it is vulnerable to Man$-$In$-$The$-$Middle Attacks, where the attacker replaces the valid asymmetric public key$($s$)$ with their own public key. What is the name of the system that has been implemented to authenticate public keys?

a$.$ PKE b$.$ PKI

c$.$ TKI

d$.$ DNS e$.$ RSA

f$.$ HMAC

$4.$ True or False. Asymmetric encryption solved the key exchange problem, but it is much slower than symmetric encryption.

a$.$ True b$.$ False

$5.$ In modern encryption asymmetric encryption is used at the very beginning of the process, but typically only to exchange a symmetric seed$/$key$.$ After the symmetric seed$/$key is exchanged, modern systems switch to fast symmetric encryption. What is the name of the technology or technologies that have automated switching from asymmetric encryption to symmetric encryption in the modern encryption process?

a$.$ TLS

b$.$ PKI

c$.$ AES

d$.$ OpenSSL e$.$ SHA$-256$

f$.$ HMAC g$.$ EC$-$DH

$6.$ True or False. Even though there are three asymmetric encryption algorithms, all web clients and web servers use RSA exclusively, making E$-$Commerce possible.

a$.$ True b$.$ False

$7.$ True or False. Even though there are a few different symmetric encryption algorithms, all web clients and web servers use AES exclusively, making E$-$Commerce possible.

a$.$ True b$.$ False

$8.$ True or False. Even though there are a few different hash algorithms, all web clients and web servers use SHA$-3$ exclusively, making E$-$Commerce possible.

a$.$ True b$.$ False

$9.$ True or False. The client PKI certificate mandates the set of symmetric and asymmetric encryption algorithms to use when setting up a secure connection between a client and server.

a$.$ True b$.$ False

$10.$ Which of the following is most true regarding TLS$?$

a$.$ All transmissions are secured using asymmetric encryption.

b$.$ All transmissions are secured using symmetric encryption.

c$.$ Initially asymmetric encryption is used to exchange a symmetric key. After this

initial key exchange, all remaining transmissions are secured using symmetric

encryption.

d$.$ Initially symmetric encryption is used to exchange an asymmetric key. After this

all remaining transmissions are secured using asymmetric encryption. e$.$ The form of encryption used depends on whether SSL or TLS is used.

$11.$ In the big Internet PKI system, which of the following components acts as the gatekeeper into the PKI system for businesses and organizations by ensuring a background check is passed and verifying the organization$$s identity before approving a certificate for the organization?

a$.$ Certificate Authority

b$.$ Validation Authority

c$.$ Registration Authority

d$.$ United States Department of Commerce

e$.$ ICANN $($Internet Corporation for Assigned Names and Numbers$)$

$12.$ True or False. In the big Internet PKI system there are multiple types of authentication certificates that can be used to authenticate a web site and result in a lock icon being displayed when pages from the web site are displayed.

a$.$ True b$.$ False

$13.$ True of False. The background check performed by all of the current Certificate Authorities is so robust that it$$s impossible for a fraudulent company to obtain a certificate. If you are on the Internet and see the lock in a web site$$s URL, indicating they have a valid certificate, you can be $100\%$ assured that the organization running the web site is genuine.

a$.$ True b$.$ False

$14.$ Assume that Alice and Bob live in two different countries and want to exchange email messages in a secure manner. They decide to use OpenPGP to protect their messages. Which trust model are they using?

a$.$ Centralized Trust Model b$.$ Symmetric Trust Model c$.$ International Trust Model d$.$ Web of Trust

$15.$ Assume you$$re buying your favorite cryptology teacher a new Lego set from Amazon.com. During the process of paying Amazon for the purchase are you using centralized or decentralized trust model $($web of trust$)?$

a$.$ Centralized

b$.$ Decentralized