Review Questions

1. Which of the following organizations is primarily concerned with military encryption systems?

   A. NSA
   B. NIST
   C. IEEE
   D. ITU

2. Which government agency is primarily responsible for establishing government standards involving cryptography for general-purpose government use?

   A. NSA
   B. NIST
   C. IEEE
   D. ITU

3. Which agency operates under United Nations sanctions and is concerned with all aspects of worldwide communication?

   A. NSA
   B. NIST
   C. IEEE
   D. ITU

4. The process of proposing a new standard or method on the Internet is referred to by which acronym?

   A. WBS
   B. X.509
   C. RFC
   D. IEEE

5. Which working group is responsible for the development of the X.509 certificate standard?

   A. PKCS
   B. PKIX
   C. IEEE
   D. ISOP

6. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols?

   A. TLS
   B. SSH
   C. RSH
   D. X.509

7. Which protocol provides security for terminal sessions to a remotely located UNIX system?

   A. SSL
   B. TLS
   C. SSH
   D. PKI

8. What problem is created by using a centralized key-generating process?

   A. Network security
   B. Key transmission
   C. Certificate revocation
   D. Private key security

9. Which of the following is a single service or server that stores, distributes, and maintains cryptographic session keys?

   A. KDC
   B. KEA
   C. PKI
   D. PKCS

10. Which of the following is not a consideration in key storage?

   A. Environmental controls
   B. Physical security
   C. Hardened servers
   D. Administrative controls

11. Your key archival system requires three of the five administrators to be present in order to access archived keys. What is this control method called?

   A. M of N Control
   B. Fault tolerance
   C. Redundancy
   D. KSA allocation

12. Which process is often used to revoke a certificate?

   A. CRA
   B. CYA
   C. CRL
   D. PKI

13. Which of the following keys are needed to make a key recovery process work?

   A. Current key
   B. Previous key
   C. Archived key
   D. Escrow key

14. If a key is suspended, which of the following statements is true?

   A. In order to be used, suspended keys must be revoked.
   B. Suspended keys do not expire.
   C. Suspended keys can be reactivated.
   D. Suspending keys is a bad practice.

15. Which of the following statements is true?

   A. Key renewal is a good practice.
   B. Key renewal is a bad practice.
   C. Rollovers automatically renew a key.
   D. The suspension process automatically renews a key.

16. What is the process of storing keys for use by law enforcement called?

   A. Key escrow
   B. Key archival
   C. Key renewal
   D. Certificate rollover

17. What is the process of creating new keys to replace expired keys called?

   A. Key renewal
   B. Rollover
   C. Archival
   D. Revocation

18. What is the encryption process that uses the same key for both ends of a session called?

   A. Symmetrical
   B. Asymmetrical
   C. PKCS
   D. Split key

19. PKCS uses which key pairs for encryption?

   A. Symmetric
   B. Public/private
   C. Asymmetric/symmetric
   D. Private/private

20. Which of the following is the primary security concern regarding public keys?

   A. Privacy
   B. Authenticity
   C. Access control
   D. Integrity

Answers

1. A. The NSA is primarily responsible for military encryption systems. The NSA designs, evaluates, and implements encryption systems for the military and government agencies with high security needs.

2. B. NIST is responsible for establishing the standards for general-purpose government encryption. NIST is also becoming involved in private sector cryptography.

3. D. The ITU is responsible for establishing communication standards, radio spectrum management, and developing communication infrastructures in underdeveloped nations. The CCITT has become a part of the ITU, and it has been replaced by the ITU-D committee.

4. C. The Request for Comments (RFC) process allows all users and interested parties to comment on proposed standards for the Internet. The RFC Editor manages the RFC process. The editor is responsible for cataloging, updating, and tracking RFCs through the process.

5. B. The PKIX working group is responsible for the X.509 certificate standard. The PKIX committee reports to the Internet Engineering Task Force (IETF).

6. A. TLS is a security protocol that uses SSL, and it allows the use of other security protocols.

7. C. SSH is the most commonly used protocol for secure connections for terminal sessions. SSH operates similarly to a UNIX shell, and it allows for similar functionality.

8. B. Key transmission is the largest problem created by the choices given. Transmitting private keys while ensuring security is a major concern. Private keys are typically transported using out-of-band methods to ensure security.

9. A. A Key Distribution Center (KDC) is the Kerberos server that generates session keys. The KDC is a centralized server, so it is a single point of failure and is susceptible to physical attacks.

10. A. Proper key storage requires that the keys be physically stored in a secure environment. This may include using locked cabinets, hardened servers, and effective physical and administrative controls.

11. A. M of N Control specifies that a certain number of people must be present to access archived keys. In this case, m = 3 and n = 5. This method ensures that no one person can compromise the system.

12. C. A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.

13. A, B, C. The current, previous, and archived keys must be accessible for a key recovery process to work. If information is encrypted using a key that has expired or been revoked, the information will not be accessible.

14. C. Suspending keys is a good practice. It disables a key, making it unusable for a certain period of time. This can prevent the key from being used while someone is gone. The key can be unsuspended when that person returns.

15. B. Key renewal is considered a bad practice. The longer a key is used, the more susceptible it is to decryption. However, key renewal processes may be necessary in a dire situation where a rollover is not wanted.

16. A. Key escrow is the process of storing keys or certificates for use by law enforcement. Law enforcement has the right, under subpoena, to conduct investigations using these keys.

17. B. A rollover process is used to issue new keys when a key is about to expire. A rollover is usually announced to users a week or two in advance to allow them time to copy existing records to the new key.

18. A. A symmetrical key indicates that the same key is used at both ends of a circuit or session. This key is also called a private key. It must be kept very secure because the disclosure of this key would compromise the circuit.

19. B. Public Key Cryptographic Systems use a public and private key. The public key can be sent to others to encrypt messages for you. The private key is used to decrypt messages.

20. D. Public keys are created to be distributed to a wide audience. The biggest security concern regarding their use is ensuring that the public key maintains its integrity. This can be accomplished by using a thumbprint or a second encryption scheme in the certificate or key.

CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
Year: 2006
Pages: 167