1) Which of the following aims to support distributed authentication and authorization over the Internet? *Trust bridge services? *DFS? *Transitive trust services? *Trust link services? *Federation services?

2) In which of the following types of access control is the default for Windows systems and has access determined by the owner of a resource?: *Mandatory access control? *Rule based access control? *Discretionary access control? *Role based access control?

3) Which of the following are responsibilities of the certificate authority (CA) that cannot be outsourced? (Choose all that apply.) *Key recovery? *Identity proofing? *Maintaining the CRL? *Key escrow? *Key generation?

4) Public keys of compromised certificates can be found in which ways? (Choose all that apply.) *Blowfish? *PBKDF2? *OCSP? *Bcrypt? *CRL?

5) A security administrator uses third-party certificate authorities plus their own set of enterprise certificate authorities. How is a list of trusted certificate authorities delivered to a browser? (Choose all that apply.) *OCSP? *RA? *Group Policy? *Browser manufacturer? *Certificate Authority?

6) A network administrator has a domain that includes single location. They want to store a copy of digital certificates with a trusted third party. What should be implemented? *Key escrow? *Dual keys? *Recovery agent? *Key backup?