Chapter 7 Public Key Infrastructure

1. Why should an organization construct and implement a PKI?

A. To eliminate certificate authorities

B. To provide identification to individuals and ensure availability

C. To establish a level of trust between two entities

D. To enable a centralized directory to store the registered certificate and distribute private keys to users

2. Every CA should have a __________ that outlines how identities are verified.

A. data certification policy

B. recovery agent

C. certificate policy (CP)

D. certification practices statement (CPS)

3. Which type of certificate authority is maintained and controlled by the company that implemented it?

A. Public certification authority (CA)

B. In-house certification authority (CA)

C. Local registration authority (LRA)

D. Offline certification authority (CA)

4. What is the primary reason to have an offline certification server?

A. Cost

B. Security

C. Complexity

D. Backup and recovery

5. What does a trust model indicate?

A. Where the private keys are stored

B. Where the trust paths reside

C. Whether a key needs to be escrowed

D. Whether a key needs to be archived

6. Which type of certificate extensions are implemented for every PKI implementation?

A. Standard

B. Public

C. Private

D. Key usage

7. What is the most common format used by certificate authorities when issuing certificates?

A. Key

B. PEM

C. DER

D. CER

8. It is important that certificates and keys are properly destroyed when their __________.

A. key split occurs

B. key archive expires

C. set lifetime expires

D. key continuity breaks

9. What is the difference between centralized and decentralized infrastructures?

A. The key pairs and certificates do not have a set lifetime in centralized infrastructures.

B. The location where the cryptographic key is generated and stored is different.

C. The network administrator sets up the distribution points in centralized infrastructures.

D. In a decentralized infrastructure, the certificate may have an extended lifetime.

10. __________ is a way of backing up keys and securely storing them in a repository.

A. Key escrow

B. Key recovery

C. Key archiving

D. Stapling

11. Which term means that one person cannot complete a critical task alone?

A. Escrow

B. Separation of duties

C. Dual control

D. Multifactor authentication

12. Which term refers the process of giving keys to a third party so that they can decrypt and read sensitive information if the need arises?

A. Key recovery

B. Key escrow

C. Key archiving

D. Key protection

True / False

13.In a peer-to-peer trust model, one CA is subordinate to another CA.

14. A digital certificate binds an individuals identity to a public key.

15. A Class 3 certificate is generally used to verify an individuals identity through e-mail.

16. Once revoked, a certificate cannot be reinstated.

17. PKI can be used as a measure to trust individuals we do not know.