Module 10 - Public Key Infrastructure - Q&A

Question 1

PKI primarily depends upon the principles of \_\_\_\_\_\_\_\_\_\_.
A. asymmetric cryptography
B. symmetric cryptography
C. hybrid cryptography
D. hashing

Answer 1

C. PKI primarily depends upon the principles of hybrid cryptography.

Question 2

Which of the following standards dictates digital certificate file format, as well as use and information contained in the file?
A. X. 509
B. PKCS #12
C. X. 500
D. PKCS #7

Answer 2

A. The X. 509 standard dictates digital certificate file format, as well as use and information contained in the file.

Question 3

If an individual encrypts a message with his own private key, what does this assure?
A. Confidentiality
B. Message authenticity
C. Integrity
D. Availability

Answer 3

B. If an individual encrypts a message with his private key, this ensures message authenticity, since he is the only person who could have encrypted it.

Question 4

Which of the following entities can help distribute the workload of the CA by performing identification and authentication of individual certificate requestors?
A. Subordinate CA
B. Root CA server
C. Authentication Authority
D. Registration Authority

Answer 4

D. The Registration Authority (RA) can help distribute the workload of the CA by performing identification and authentication of individual certificate requestors.

Question 5

Which of the following serves as the master certificate server in an organization?
A. Intermediate CA server
B. Root CA server
C. Subordinate CA server
D. Kerberos KDC

Answer 5

B. A root CA server is the master certificate server in an organization.

Question 6

Which of the following is used to get certificate status information from a CA automatically?
A. OCSP
B. CRL
C. Root CA
D. Kerberos authentication protocol

Answer 6

A. The Online Certificate Security Protocol (OSCP) is used to get certificate status information from a CA automatically.

Question 7

Which of the following events in a certificate lifecycle is only a temporary situation in which a certificate is invalidated for an indefinite period of time and can be restored by the CA at its discretion?
A. Certificate revocation
B. Certificate expiration
C. Certificate suspension
D. Certificate denial

Answer 7

C. A certificate suspension is only a temporary situation in which a certificate is invalidated for an indefinite period of time and can be restored by the CA at its discretion.

Question 8

Which of the following is an individual or entity that has the ability and authority to use another individual’s private key or a different key to decrypt data that would otherwise be lost?
A. CA
B. Recovery agent
C. Server administrator
D. RA

Answer 8

B. The recovery agent is an entity that has the ability and authority to use another individual’s private key or a different key to decrypt data that would otherwise be lost.

Question 9

Which of the following certificate trust models is typically found within an organization?
A. Transitive trust model
B. Web-of-trust model
C. Cross-trust model
D. Hierarchical trust model

Answer 9

D. A hierarchical trust model is typically found within an organization.

Question 10

Which of the following certificate trust models does not depend on a structured PKI?
A. Web-of-trust model
B. Cross-trust model
C. Transitive trust
D. Hierarchical trust model Answers

Answer 10

A. A web-of-trust model does not use a formal PKI and is often found in use between smaller groups of people or individuals.