1. Which of the following organizations is primarily concerned with military encryption systems?

2. Which government agency is primarily responsible for establishing government standards involving cryptography for general-purpose government use?

3. Which agency operates under United Nations sanctions and is concerned with all aspects of worldwide communication?

4. The process of proposing a new standard or method on the Internet is referred to by which acronym?

5. Which working group is responsible for the development of the X.509 certificate standard?

6. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols?

7. Which protocol provides security for terminal sessions to a remotely located UNIX system?

8. What problem is created by using a centralized key-generating process?

9. Which of the following is a single service or server that stores, distributes, and maintains cryptographic session keys?

10. Which of the following is not a consideration in key storage?

11. Your key archival system requires three of the five administrators to be present in order to access archived keys. What is this control method called?

12. Which process is often used to revoke a certificate?

13. Which of the following keys are needed to make a key recovery process work?

14. If a key is suspended, which of the following statements is true?

15. Which of the following statements is true?

16. What is the process of storing keys for use by law enforcement called?

17. What is the process of creating new keys to replace expired keys called?

18. What is the encryption process that uses the same key for both ends of a session called?

19. PKCS uses which key pairs for encryption?

20. Which of the following is the primary security concern regarding public keys?

Answers
1. A. The NSA is primarily responsible for military encryption systems. The NSA designs, evaluates, and implements encryption systems for the military and government agencies with high security needs.
2. B. NIST is responsible for establishing the standards for general-purpose government encryption. NIST is also becoming involved in private sector cryptography.
3. D. The ITU is responsible for establishing communication standards, radio spectrum management, and developing communication infrastructures in underdeveloped nations. The CCITT has become a part of the ITU, and it has been replaced by the ITU-D committee.
4. C. The Request for Comments (RFC) process allows all users and interested parties to comment on proposed standards for the Internet. The RFC editor manages the RFC process. The editor is responsible for cataloging, updating, and tracking RFCs through the process.
5. B. The PKIX working group is responsible for the X.509 certificate standard. The PKIX committee reports to the Internet Engineering Task Force (IETF).
6. A. TLS is a security protocol that uses SSL, and it allows the use of other security protocols.
7. C. SSH is the most commonly used protocol for secure connections for terminal sessions. SSH operates similarly to a UNIX shell, and it allows for similar functionality.
8. B. Key transmission is the largest problem created by the choices given. Transmitting private keys while ensuring security is a major concern. Private keys are typically transported using out-of-band methods to ensure security.
9. A. A Key Distribution Center (KDC) is the Kerberos server that generates session keys. The KDC is a centralized server, and it is susceptible to a single point of failure and to physical attacks.
10. A. Proper key storage requires that the keys be physically stored in a secure environment. This may include using locked cabinets, hardened servers, and effective physical and administrative controls.
11. A. M of N Control specifies that a certain number of people must be present to access archived keys. In this case, m = 3 and n = 5. This method ensures that no one person can compromise the system.
12. C. A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.
13. A, B, C. The current, previous, and archived keys must be accessible for a key recovery process to work. If information is encrypted using a key that has expired or been revoked, the information will not be accessible.
14. C. Suspending keys is a good practice. It disables a key, making it unusable for a certain period of time. This can prevent the key from being used while someone is gone. The key can be unsuspended when that person returns.
15. B. Key renewal is considered a bad practice. The longer a key is used, the more susceptible it is to decryption. However, key renewal processes may be necessary in a dire situation where a rollover is not wanted.
16. A. Key escrow is the process of storing keys or certificates for use by law enforcement. Law enforcement has the right, under subpoena, to conduct investigations using these keys.
17. B. A rollover process is used to issue new keys when a key is about to expire. A rollover is usually announced to users a week or two in advance to allow them time to copy existing records to the new key.
18. A. A symmetrical key indicates that the same key is used at both ends of a circuit or session. This key is also called a private key. It must be kept very secure because the disclosure of this key would compromise the circuit.
19. B. Public Key Cryptographic Systems use a public and private key. The public key can be sent to others to encrypt messages for you. The private key is used to decrypt messages.
20. D. Public keys are created to be distributed to a wide audience. The biggest security concern regarding their use is ensuring that the public key maintains its integrity. This can be accomplished by using a thumbprint or a second encryption scheme in the certificate or key.