Module 17 Flashcards

1
Q

____ are a mathematical technique used to provide authenticity, integrity, and nonrepudiation.

A

Digital signatures

2
Q

The following are characteristics of digital signatures:

A
  • Authentic
  • Unalterable
  • Not reusable
  • Non-repudiated
3
Q
  • The signature cannot be forged and provides proof that the signer, and no one else, signed the document.
A
  • Authentic
4
Q
  • After a document is signed, it cannot be altered.
A
  • Unalterable
5
Q
  • The document signature cannot be transferred to another document.
A
  • Not reusable
6
Q
  • The signed document is considered to be the same as a physical document.
A
  • Non-repudiated
7
Q

Digital signatures are commonly used in the following two situations:

A

code signing and
digital certificates.

8
Q

There are three Digital Signature Standard (DSS) algorithms that are used for generating and verifying digital signatures:

A
  • Digital Signature Algorithm (DSA)
  • Rivest-Shamir-Adleman Algorithm (RSA)
  • Elliptic Curve Digital Signature Algorithm (ECDSA)
9
Q
  • DSA is the original standard for generating public and private key pairs, and for generating and verifying digital signatures.
A
  • Digital Signature Algorithm (DSA)
10
Q
  • RSA is an asymmetric algorithm that is commonly used for generating and verifying digital signatures.
A
  • Rivest-Shamir-Adleman Algorithm (RSA)
11
Q
  • ECDSA is a newer variant of DSA and provides digital signature authentication and non-repudiation with the added benefits of computational efficiency, small signature sizes, and minimal bandwidth.
A
  • Elliptic Curve Digital Signature Algorithm (ECDSA)
12
Q

Digitally signing code provides several assurances about the code.

A
  • The code is authentic and is actually sourced by the publisher.
  • The code has not been modified since it left the software publisher.
  • The publisher undeniably published the code. This provides nonrepudiation of the act of publishing.
13
Q

A ____ is used to authenticate and verify that a user who is sending a message is who they claim to be. ____ can also be used to provide confidentiality for the receiver with the means to encrypt a reply.

A

digital certificate

14
Q

When establishing an asymmetric connection between two hosts, the hosts will exchange their public key information.

A

True

15
Q

An ____ is a digital certificate that confirms the identity of a website domain.

A

SSL certificate

16
Q

Some examples of Certificate Authorities (CAs) are

A

IdenTrust, DigiCert, Sectigo, GlobalSign, and GoDaddy.

These CAs charge for their services.

Let’s Encrypt is a non-profit CA that offers certificates free of charge.

17
Q

____ is needed to support large-scale distribution and identification of public encryption keys.

A

Public key infrastructure (PKI)

18
Q

CAs, especially those that are outsourced, issue certificates based on classes which determine how trusted a certificate is.

The class number is determined by how rigorous the procedure was that verified the identity of the holder when the certificate was issued.

The higher the class number, the more trusted the certificate.

A

  • Class 0: Used for testing in situations in which no checks have been performed.
  • Class 1: Used by individuals who require verification of email.
  • Class 2: Used by organizations for which proof of identity is required.
  • Class 3: Used for servers and software signing. Independent verification and checking of identity and authority is done by the certificate authority.
  • Class 4: Used for online business transactions between companies.
  • Class 5: Used for private organizations or government security.

19
Q

PKI Trust System

A

PKIs can form different topologies of trust. The simplest is the single-root PKI topology.

On larger networks, PKI CAs may be linked using two basic architectures:

  • Cross-certified CA topologies
  • Hierarchical CA topologies
20
Q

Interoperability between a PKI and its supporting services, such as Lightweight Directory Access Protocol (LDAP) and X.500 directories, is a concern because many CA vendors have proposed and implemented proprietary solutions instead of waiting for standards to develop.

To address this interoperability concern, the IETF published the ____

A

Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC 2527).

21
Q

The ____ standard defines the format of a digital certificate.

A

X.509 version 3 (X.509 v3)

22
Q

Certificate Enrollment, Authentication, and Revocation

A
  • All systems that leverage the PKI must have the CA’s public key, which is called the self-signed certificate. The CA public key verifies all the certificates issued by the CA and is vital for the proper operation of the PKI.
  • For many systems such as web browsers, the distribution of CA certificates is handled automatically.
  • The certificate enrollment process is used by a host system to enroll with a PKI. To do so, CA certificates are retrieved in-band over a network, and the authentication is done out-of-band (OOB) using the telephone.
  • Authentication no longer requires the presence of the CA server, and each user exchanges their certificates containing public keys.
  • Certificates must sometimes be revoked. Two of the most common methods of revocation are Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP).
23
Q

Where can PKI be used by an enterprise? The following provides a short list of common uses of PKIs:

A
  • SSL/TLS certificate-based peer authentication
  • Secure network traffic using IPsec VPNs
  • HTTPS Web traffic
  • Control access to the network using 802.1x authentication
  • Secure email using the S/MIME protocol
  • Secure instant messaging
  • Approve and authorize applications with Code Signing
  • Protect user data with the Encryption File System (EFS)
  • Implement two-factor authentication with smart cards
  • Securing USB storage devices
24
Q

PKI-related issues that are associated with security warnings include:

A
  • Validity date range - The X.509v3 certificates specify “not before” and “not after” dates. If the current date is outside the range, the web browser displays a message. Expired certificates may simply be the result of administrator oversight, but they may also reflect more serious conditions.
  • Signature validation error - If a browser cannot validate the signature on the certificate, there is no assurance that the public key in the certificate is authentic. Signature validation will fail if the root certificate of the CA hierarchy is not available in the browser’s certificate store.
25
Q

Here is a list of some of the things that a security analyst could do:

A
  • Configure rules to distinguish between SSL and non-SSL traffic, HTTPS and non-HTTPS SSL traffic.
  • Enhance security through server certificate validation using CRLs and OCSP.
  • Implement antimalware protection and URL filtering of HTTPS content.
  • Deploy a Cisco SSL Appliance to decrypt SSL traffic and send it to an intrusion prevention system (IPS).
26
Q

____ are a mathematical technique used to provide three basic security services: authenticity, integrity, and nonrepudiation.

A

Digital signatures

27
Q

Digital signatures are a mathematical technique used to provide three basic security services:

A

authenticity, integrity, and nonrepudiation.

28
Q

Properties of digital signatures are that they are ____. They are commonly used for code signing and digital certificates.

A

authentic, unalterable, not reusable, and non-repudiated.

29
Q

There are three DSS algorithms that are used for generating and verifying digital signatures:

A

DSA, RSA and ECDSA.

30
Q

A ____ is used to authenticate and verify that a user who is sending a message is who they claim to be.

A

digital certificate

31
Q

The PKI consists of ____ that are used to create, manage, distribute, use, store, and revoke digital certificates.

A

specifications, systems, and tools

32
Q

PKI-related issues that are associated with security warnings include ____. Some of these issues can be avoided with features of the SSL/TLS protocols.

A

validity date range and signature validation

33
Q

The key components of the cipher suite are

A

the MAC, the encryption algorithm, the key exchange algorithm, and the authentication algorithm.

34
Q

____ can be used to hide malware command and control traffic between infected hosts and the command and control servers.

A

Encryption

35
Q

What are the two important components of a public key infrastructure (PKI) used in network security? (Choose two.)

A

digital certificates

certificate authority

A public key infrastructure uses digital certificates and certificate authorities to manage asymmetric key distribution. PKI certificates are public information. The PKI certificate authority (CA) is a trusted third party that issues the certificate. The CA has its own certificate (self-signed certificate) that contains the public key of the CA.

36
Q

What is the purpose of code signing?

A

integrity of source .EXE files

Code signing is used to verify the integrity of executable files downloaded from a vendor website. Code signing uses digital certificates to authenticate and verify the identity of a website.

37
Q

Which statement describes the use of certificate classes in the PKI?

A

a class 5 certificate is more trustworthy than a class 4 certificate

The higher the certificate class number, the more trustworthy the certificate. Class 1 certificates are for individuals, with a focus on email verification. An enterprise can act as its own CA and implement PKI for internal use. In that situation, the vendor can issue certificates as needed for various purposes.

38
Q

What role does an RA play in PKI?

A

a subordinate CA

A registration authority (RA) is a subordinate CA. It is certified by a root CA to issue certificates for specific uses.

39
Q

Which protocol uses X.509 certificates to support mail protection performed by mail agents?

A

S/MIME

Many applications use the X.509 standard format of digital certificates to authenticate websites, public key distribution, and end devices connected to switch ports. User email agents use the S/MIME protocol to support email protection. S/MIME uses X.509 certificates.

40
Q

What protocol is used to query the revocation status of an X.509 certificate?

A

OCSP

Online Certificate Status Protocol (OCSP) is an internet protocol used to query an OCSP server for the revocation status of an X.509 digital certificate.

41
Q

In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?

A

HTTPS traffic enables end-to-end encryption

HTTPS enables end-to-end encrypted network communication, which adds further challenges for network administrators to monitor the content of packets to catch malicious attacks.

42
Q

Which technology is used to provide assurance of the authenticity and integrity of software code?

A

digital signatures

Digital signatures are commonly used to provide assurance of the authenticity and integrity of software code. Executable files are wrapped in a digitally signed envelope, which allows the end user to verify the signature before installing the software.

43
Q

Which CA class of digital certificates would be used by individuals to perform email verification?

A

1

The CA class number determines how rigorous the procedure was that verified the identity of the holder when the certificate was issued. The higher the class number, the more trusted the certificate. Class numbers range from 0 to 5. A class 5 certificate is the most trusted, and class 0 the least trusted. Class 1 is used by individuals for verification of email.

44
Q

What is a purpose of a digital certificate?

A

to authenticate and verify that a user who is sending a message is who they claim to be

A digital certificate works like a physical certificate. A digital certificate can be used to authenticate and verify that a user who is sending a message is who they claim to be.

45
Q

What is an appropriate use for class 5 digital certificates?

A

used for private organizations or government security