Review Questions by yaoyufang


Security+ Guide to Network Security Fundamentals, 2e, Solutions 9-1

Chapter 9 Review Questions

    1. _____ cryptography uses one key to both encrypt and decrypt messages.
            a. Symmetric
            b. Asymmetric
            c. PIK
            d. Dual Key Hashing (DKH)
            Answer: a. Symmetric
    2. The primary weakness of symmetric cryptography is _________________.
            a. key management
            b. RAM memory requirements
            c. CPU processing speed
            d. Hard disk storage space
            Answer: a. key management
    3. A _____ is a shorter version of the message itself that is created from the contents
        of the message and the sender’s private key.
            a. hash algorithm
            b. certificate authority
            c. digital certificate
            d. digital signature
            Answer: d. digital signature
    4. Revoked digital certificates are listed in a(n) ___________________.
            a. Certificate Revocation List (CRL)
            b. Certification Authority Revocation Algorithm (CARA)
            c. 509.X certificate
            d. Public Key Crypto Folder (PKCF)
            Answer: a. Certificate Revocation List (CRL)
    5. A subordinate certification authority server is known as a _____ server.
            a. Registration Authority (RA)
            b. CA proxy
            c. Certificate Extension Server (CES)
            d. Digital CA Directory Access Proxy
            Answer: a. Registration Authority (RA). (Outside this textbook the terms are
            distinct: an RA verifies an applicant's identity on behalf of a CA and does not
            itself issue certificates, whereas a subordinate CA does.)
    6. When using symmetric cryptography it is acceptable to use the same key for
        encrypting documents sent to several different users. True or false? False
    7. Another alternative to a certificate authority (CA) is to provide the information in
        a publicly accessible directory called a Certificate Repository (CR). True or
        false? True
    8. A Public Key Infrastructure (PKI) is a system that manages encryption keys and
        identity information for the human and mechanical components of a network that
        require asymmetric cryptography. True or false? True
    9. Public Key Cryptography Standards (PKCS) is a numbered set of standards that
        are widely accepted in the industry. True or false? True
    10. A web of trust model uses multiple certification authority (CA) servers. True or
        false? False
    11. The primary disadvantage of _____ cryptography is that it is a computing-intensive
        process. public key (asymmetric)
    12. _____ defines the format for the digital certificate and is the most widely used
        certificate format for PKI. X.509
    13. _____ certificates are issued directly to individuals and are typically used to
        secure e-mail transmissions through S/MIME and SSL/TLS. Personal
    14. Key management can either be centralized or _____. decentralized
    15. One way to provide more security than a single set of public and private (single-
        dual) keys can offer is to use _____ pairs of dual keys. multiple
    16. Explain the difference between a certificate policy (CP) and a certificate practice
        statement (CPS).
        A certificate policy (CP) is a published set of rules that govern the operation
        of the PKI and may be used by a certificate user to determine the
        trustworthiness of a certificate for a particular application. The CP provides
        recommended baseline security requirements for the use and operation of
        Certificate Authorities (CA), Registration Authorities (RA), and other PKI
        components. A Certificate Practice Statement (CPS) is a more technical
        document compared to a CP. A CPS describes in detail how the CA uses and
        manages certificates.
    17. What is key escrow? Why is it used?
        Keys that are managed by a third-party entity are said to be in key escrow. A
        number of organizations, such as a trusted CA, provide this service. When key
        escrow is used the private key is split in two and each half is encrypted. The
        two halves are sent to the third party, which stores each half in a separate
        location. If the private key must be retrieved, the two halves are combined and
        then decrypted. Although key escrow relieves the end user of the worry of losing
        her private key, the existence of a copy of the key makes it vulnerable to attack.
    18. Explain M-of-N control and tell how it works.
        What happens if an employee is hospitalized for an extended period of time
        yet the organization for which she works needs to transact business using her
        keys? How can her key be recovered? One technique is known as M-of-N
        control. Well before a user is incapacitated, her private key is encrypted and
        divided into a specific number of parts, for example three. The parts are
        distributed to other individuals, with overlap so that more than one person
        holds each part. For example, the three parts could be distributed to six
        people, with each part held by two of them. These holders are known as the N
        group. If it is necessary to recover the key, a smaller subset of the N group,
        known as the M group, must meet together and agree that the key should be
        recovered. Only when at least M holders are present, so that every part is
        available, can the key be pieced back together; fewer than M holders cannot
        recover it.
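Questions 17 and 18 both rest on splitting a private key into parts that are stored separately and recombined only under control. The added example below, which is not code from the textbook, implements the "any M of N holders" property with Shamir's threshold scheme. This is a swapped-in technique: the textbook describes duplicating parts across holders, whereas Shamir's scheme gives every holder a distinct share and guarantees that M-1 shares reveal nothing about the key. The secret is the private key as an integer; the field prime 2**521 - 1, the 3-of-6 parameters and the randomly constructed sample key are assumptions.

```python
"""M-of-N key recovery with Shamir secret sharing (added example, not textbook code)."""
import secrets
from itertools import combinations

# Mersenne prime 2**521 - 1: any 256-bit key is a valid field element (assumption).
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, m, n):
    """Split `secret` into n shares so that any m of them reconstruct it.

    The secret is the constant term of a random degree-(m-1) polynomial;
    holder i receives the point (i, f(i)).  Every share is different, and
    m-1 shares leave every possible value of f(0) equally likely.
    """
    if not 1 < m <= n:
        raise ValueError("need 1 < m <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer below P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]


def _lagrange_at_zero(shares):
    """Interpolate the polynomial through `shares` and evaluate it at x = 0."""
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for k, (xk, _) in enumerate(shares):
            if k != j:
                num = num * (-xk) % P
                den = den * (xj - xk) % P
        total = (total + yj * num * pow(den, -1, P)) % P   # inverse: Python 3.8+
    return total


def recover_secret(shares, m):
    """M-of-N control: reconstruct only when at least m distinct holders present shares."""
    distinct = list({x: (x, y) for x, y in shares}.values())
    if len(distinct) < m:
        raise ValueError(f"{len(distinct)} share(s) presented, {m} required")
    return _lagrange_at_zero(distinct[:m])


def demo(m=3, n=6):
    """Split a constructed 256-bit key among n holders: every m-subset recovers it,
    m-1 shares do not."""
    key = secrets.randbits(256)                       # stands in for the private key
    shares = split_secret(key, m, n)
    every_quorum_works = all(
        recover_secret(list(subset), m) == key for subset in combinations(shares, m)
    )
    too_few_fail = _lagrange_at_zero(shares[: m - 1]) != key
    return every_quorum_works, too_few_fail


if __name__ == "__main__":
    print(demo())
```

Two points matter in practice: the escrow agent of question 17 should hold shares, not an encrypted copy of the whole key, and the quorum check in recover_secret is what enforces "agreement" in code; a single holder who tries to interpolate with fewer than m shares gets a value that is uniformly random rather than a partial key.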
    19. What is the difference between key destruction and key revocation?
        Key destruction removes all private and public keys along with the user’s
        identification information in the CA. When a key is revoked or expired the
        user’s information remains on the CA.
    20. Why should keys not be renewed?
        Keys should be allowed to expire because expiry provides additional security. If
        an attacker has captured a user’s key without the user’s knowledge, she could use
        that key indefinitely. If, however, the key is allowed to expire, a new key must
        be generated, making the attacker’s stolen key no longer valid.