Section 26 Public Key Infrastructure

Question 1

An entre system of hardware, software, policies, procedures, and people that is based on asymmetric encryption.

Answer 1

Public Key Infrastructure

Question 2

Digitally signed electronic documents that bind a public key with a user’s identity.

Answer 2

Certificates

Question 3

Standard used PKI for digital certificates and contains the owner/users information and the certificate authority’s information.

Answer 3

X.509

Question 4

Allow all of the subdomains to use the same public key certificate and have it displayed as valid.

Answer 4

Wildcard Certificate

Question 5

Allows a certificate owner to specify additional domains and IP addresses to be supported.

Answer 5

Subject Alternative Name (SAN)

Question 6

The original ruleset governing the encoding of data structures for certificates where several different encoding types can be utilized.

Answer 6

Basic Encoding Rules (BER)

Question 7

A restricted version of the BER that only allows the use of only one encoding type.

Answer 7

Canonical Encoding Rules (CER)

Question 8

Restricted version of the BER which allows one encoding type and has more restrictive rules for length, character strings, and how elements of a digital certificate are stored in X.509.

Answer 8

Distinguished Encoding Rules (DER)

Question 9

Used to verify information about a user prior to requesting that a certificate authority issue the certificate.

Answer 9

Registration Authority

Question 10

The entity that issues certificates to a user.

Answer 10

Certificate Authority

Question 11

An online list of digital certificates that the certificate authority has revoked.

Answer 11

Certificate Revocation List (CRL)

Question 12

A protocol that allows you to determine the revocation status of a digital certificate using its serial number.

Answer 12

Online Certificate Status Protocol (OCSP)

Question 13

Allows the certificate holder to get the OCSP record from the server at regular intervals and include it as a part of the SSL or TLS handshake.

Answer 13

OCSP Stapling

Question 14

Allows an HTTPS website to resist impersonation attackers by presenting a set of trusted public keys to the user’s web browser as part of the HTTP header.

Answer 14

Public Key Pinning

Question 15

Occurs when a secure copy of a user’s private key is held in case the user accidently loses their key.

Answer 15

Key Escrow

Question 16

A specialized type of software that allows the restoration of a lost or corrupt key to be performed.

Answer 16

Key Recovery Agent

Question 17

A decentralized trust model that addresses issues associated with the public authentication of public keys within a CA based PKI system.

Answer 17

Web of Trust