Public Key Infrastructure

Question 1

An entire system of hardware, software, policies, procedures, and people
that is based on asymmetric encryption

Answer 1

Public Key Infrastructure (PKI)

Question 2

Digitally-signed electronic documents that bind a public key with a user’s
identity

Answer 2

Certificates

Question 3

Standard used PKI for digital certificates and contains the owner/user’s
information and the certificate authority’s information

Answer 3

X.509

Question 4

Allow all of the subdomains to use the same public key certificate and
have it displayed as valid

Answer 4

Wildcard Certificates

Question 5

Allows a certificate owner to specify additional domains and IP addresses
to be supported

Answer 5

Subject Alternative Name (SAN)

Question 6

The original ruleset governing the encoding of data structures for
certificates where several different encoding types can be utilized

Answer 6

Basic Encoding Rules (BER)

Question 7

A restricted version of the BER that only allows the use of only one
encoding type

Answer 7

Canonical Encoding Rules (CER)

Question 8

Restricted version of the BER which allows one encoding type and has
more restrictive rules for length, character strings, and how elements of a
digital certificate are stored in X.509

Answer 8

Distinguished Encoding Rues (DER)

Question 9

Used to verify information about a user prior to requesting that a
certificate authority issue the certificate

Answer 9

Registration Authority

Question 10

The entity that issues certificates to a user

Answer 10

Certificate Authority

Question 11

An online list of digital certificates that the certificate authority has
revoked

Answer 11

Certificate Revocation List (CRL)

Question 12

A protocol that allows you to determine the revocation status of a digital
certificate using its serial number

Answer 12

Online Certificate Status Protocol (OSCP)

Question 13

Allows the certificate holder to get the OCSP record from the server at
regular intervals and include it as part of the SSL or TLS handshake

Answer 13

OSCP Stapling

Question 14

Allows an HTTPS website to resist impersonation attacks by presenting a
set of trusted public keys to the user’s web browser as part of the HTTP
header

Answer 14

Public Key Pinning

Question 15

Occurs when a secure copy of a user’s private key is held in case
the user accidently loses their key

Answer 15

Key Escrow

Question 16

A specialized type of software that allows the restoration of a lost
or corrupted key to be performed

Answer 16

Key Recovery Agent

Question 17

A decentralized trust model that addresses issues associated with the
public authentication of public keys within a CA-based PKI system

Answer 17

Web of Trust