Public Key Infra...
comptia+ topic
Question | Answer |
---|---|
Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates? | PKI |
A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as: | CA |
What is the PKI role of Registration Authority (RA)? (Select 2 answers) | Accepting requests for digital certificates; Authenticating the entity making the request |
Which of the following solutions allow checking whether a digital certificate has been revoked? (Select 2 answers) | CRL; OCSP |
What is the fastest way of checking the validity of a digital certificate? | OCSP |
Which of the answers listed below refers to a method for requesting a digital certificate? | CSR |
In a digital certificate, the Common Name field describes a device or any other entity the certificate has been issued for. In an SSL certificate, CN refers to the Fully Qualified Domain Name, which is the domain name of the server protected by the SSL certificate. | true |
Which digital certificate type allows multiple subdomains to be protected by a single certificate? | wildcard certificate |
A digital certificate which allows multiple domains to be protected by a single certificate is known as: | Subject Alternative Name (SAN) certificate |
Code-signing certificates are used to verify the authenticity and integrity of software. Self-signed certificates have a lower level of trustworthiness, because they are not signed by a Certificate Authority (CA). Computer certificates (a.k.a. machine... | true |
What are the characteristic features of the Distinguished Encoding Rules (DER) digital certificate format? (Select 3 answers) | Encoded in binary format; .der and .cer file extensions; Generally used for Java servers |
Which of the following answers refer to the Privacy Enhanced Email (PEM) digital certificate format? (Select 3 answers) | Encoded in text (ASCII Base64) format; .pem, .crt, .cer and .key file extensions; Generally used for Apache servers or similar configurations |
What are the characteristic features of the Personal Information Exchange (PFX) and P12 digital certificate format? (Select 3 answers) | .pfx and .p12 file extensions; Generally used for Microsoft Windows servers; Encoded in binary format |
Which of the following answers refer to the P7B digital certificate format? (Select 3 answers) | Encoded in text (ASCII Base64) format; .p7b file extension; Generally used for Microsoft Windows and Java Tomcat servers |
Which of the following allows for checking digital certificate revocation status without contacting Certificate Authority (CA)? | stapling |
Which of the following answers refers to a deprecated security mechanism designed to defend HTTPS websites against impersonation attacks performed with the use of fraudulent digital certificates? | pinning |
Which of the answers listed below refer to examples of PKI trust models? | Single CA model; Hierarchical model (root CA + intermediate CAs); Mesh model (cross-certifying CAs); Web of trust model (all CAs act as root CAs); Client-server mutual authentication model |
A trusted third-party storage solution providing backup source for cryptographic keys is referred to as: | key escrow |
Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow. | true |
The term "Certificate chaining" refers to the process of verifying the authenticity of a newly received digital certificate. This process involves checking all the certificates in the chain of certificates from a trusted root CA, through any intermediate... | true |