CKM Exam

CKN bla bla bla multiple-choice questions, answers, tests, preparation, super cool

mtr.anca, published on June 10, 2016. 14 responses.

1/16 Who can recover a private key within an enterprise CA implemented by Microsoft Certificate Services 2003?
- Key Recovery Agent
- CA Administrator
- Backup Operator
- Certificate Manager

2/16 How are the users' private keys stored in a database of an enterprise CA implemented by Microsoft Certificate Services 2003?
- without being encrypted, the protection being ensured by the access grants and credentials at the database level
- encrypted with the CA's private key
- encrypted by the Key Recovery Agent's public key
- encrypted with the Backup Operator's private key

3/16 What is the role of an HSM - Hardware Security Module?
- Ensures protection for the computer which runs the installed CA software
- Allows keeping secret the used cryptographic algorithms
- Accelerates the cryptographic operations
- Ensures the cryptographic keys protection

4/16 When do you need to revoke a digital certificate?
Hint: 2 choices
- If the user leaves the organization
- If the cryptographic algorithms and key lengths are no longer suitable for the necessary protection
- If the private key associated to the public key certificate is compromised
- When the user's digital certificate came into possession of a third party

5/16 What is the extension that defines the categories of applications that can use a digital certificate?
Hint: 2 choices
- Extended Key Usage
- Key Usage
- Policy Constraints
- Subject Public Key Info

6/16 How is it possible to determine the level of trust in a digital certificate issued by a Certification Authority?
- Based on Subject Key Identifier extension
- By reading Trust Level attribute from the Repository
- The analysis of CP and CPS
- Using the OCSP protocol

7/16 What should be done to ensure the protection of the cryptographic keys?
Hint: 3 choices
- Keeping the secret of the encryption algorithms used
- The users' awareness of the importance of correct cryptographic key management
- To use validated cryptographic algorithms and modules
- The choice of key lengths as large as possible

8/16 What are the minimum recommended key lengths to use for the moment, in order to ensure data protection for 10 years?
- 256 bits for symmetric algorithms and 4096 bits for public key algorithms
- 64 bits for symmetric algorithms and 1024 bits for public key algorithms
- 128 bits for symmetric algorithms and 2048 bits for public key algorithms
- 192 bits for symmetric algorithms and 3072 bits for public key algorithms

9/16 The main features of the OCSP protocol are:
Hint: 2 choices
- It is used by the clients in order to access the Certificate Repository
- Relieves the clients of the CRL's specific complex processing
- It is a simple request / response protocol
- Allows the clients to revoke the certificates in case of the compromise of the private key

10/16 Which of the following statements are true about the hierarchical PKI architectures?
Hint: 2 choices
- There is a single point of trust - Root Certification Authority
- The compromise of the private key does not affect the other authority
- The certification paths are unidirectional and easy to determine
- The certification paths are dependent on the user who does the validation

11/16 CA – Certification Authority is designed to:
Hint: 3 choices
- Archive the private keys used by the end-users for signing data
- Establish the relationships with other CAs for cross-certification
- Issue and revoke digital certificates
- Publish the digital certificates in the Repository

12/16 Certificate Repository serves to:
Hint: 2 choices
- The distribution of digital certificates
- CRL distribution
- Interface used by the end-users for submitting the issuing certificates requests
- Logging the events related to the certificates management

13/16 Which of the following statements about the Microsoft Certificate Services 2003 version Enterprise are true?
- Allows the implementation of the "m from n" schemes in order to restore the private keys
- In addition to Active Directory, it can be integrated with any directory server
- Uses IIS Web Server as user interface
- Allows the definition of new templates for certificates

14/16 RA – Registration Authority is designed to:
- Archive the private keys used to decrypt data by the end-users
- Record the users' private keys used to sign data
- Verify that users are using the key pairs in a correct manner
- Check the issuing certificate requests and the identity of the final entities

15/16 The term "key escrow" refers to:
- Check if a user holds the private key associated to the public key from a digital certificate
- Prime number test used in the RSA key generation process
- Arrangement by which the cryptographic keys are stored on a trusted third party and used when necessary
- Protocol which negotiates a session key between two entities

16/16 The advantages of using a Bridge CA in order to ensure the PKI interoperability are:
- Simplifying the process of certification policy equivalency
- All users will use a single point of trust - Bridge CA
- Reducing the number of bilateral cross-certifications
- It is a standardized method and therefore supported by most PKI applications