Chapter 13: Network Security and Certificate Management Quiz

1. What electronic piece of information proves the identity of the entity that has signed a particular document?

Certificate Authority

Private Key

Public Key

DIGITAL SIGNATURE

A digital signature is a cryptographic technique used to verify the authenticity of a digital message or document. It proves the identity of the entity that has signed the document. Certificate Authority issues certificates, public key is used for encryption, and private key is used for decryption, but they do not directly prove the identity of the signer.

Explanation

A digital signature is a cryptographic technique used to verify the authenticity of a digital message or document. It proves the identity of the entity that has signed the document. Certificate Authority issues certificates, public key is used for encryption, and private key is used for decryption, but they do not directly prove the identity of the signer.

2. Users with what predefined security role are tasked with issuing and managing certificates, including approving certificate enrollment and revocation requests?

Network Engineer

System Analyst

CERTIFICATE MANAGER

Administrative Assistant

Certificate Managers have the specific role and responsibility of managing certificates, including approving requests for certificate enrollment and revocation. Therefore, the correct answer is Certificate Manager.

Explanation

Certificate Managers have the specific role and responsibility of managing certificates, including approving requests for certificate enrollment and revocation. Therefore, the correct answer is Certificate Manager.

3. The Network Device Enrollment Service (NDES) enables network devices to enroll for certificates within a Windows Server 2008 PKI using the Certificates MMC snap-in. TRUE OR FALSE.

UNCERTAIN

TRUE

PARTIALLY TRUE

FALSE

The correct answer is FALSE because the Network Device Enrollment Service (NDES) does not allow network devices to enroll for certificates using the Certificates MMC snap-in. This process typically involves using the NDES server role within the Windows Server environment.

Explanation

The correct answer is FALSE because the Network Device Enrollment Service (NDES) does not allow network devices to enroll for certificates using the Certificates MMC snap-in. This process typically involves using the NDES server role within the Windows Server environment.

4. What identifies certificates that have been revoked or terminated?

CERTIFICATE REVOCATION LIST

Endorsement Revocation Database

PKI Expiration List

Revoked Certificate Registry

A Certificate Revocation List (CRL) is a list of certificates that have been revoked or terminated by the issuing Certificate Authority.

Explanation

A Certificate Revocation List (CRL) is a list of certificates that have been revoked or terminated by the issuing Certificate Authority.

5. Which of the following are not able to be performed by those with the Auditor predefined security role?

Configure audit parameters

Assign security permissions

Generate encryption keys

Define key recovery agents

The Auditor predefined security role does not have the ability to define key recovery agents, but can perform the other listed tasks.

Explanation

The Auditor predefined security role does not have the ability to define key recovery agents, but can perform the other listed tasks.

6. Certificate templates are used by a Certificate Authority to simplify the administration and issuance of digital certificates. TRUE OR FALSE?

TRUE

Not Sure

Maybe

FALSE

Certificate templates play a crucial role in the efficient management and issuance of digital certificates by providing a pre-defined structure for various certificate types.

Explanation

Certificate templates play a crucial role in the efficient management and issuance of digital certificates by providing a pre-defined structure for various certificate types.

7. What consists of a number of elements that allow two parties to communicate securely, without any previous communication, through the use of a mathematical algorithm called public key cryptography?

WEP codes

AES encryption

Public key infrastructure

SSL certificates

8. What type of CA can use certificate templates as well as Group Policy Objects to allow autoenrollment of digital certificates, as well as store digital certificates within the Active Directory database for easy retrieval by users and devices?

Enterprise CA

Root CA

Standalone CA

Intermediate CA

Enterprise CAs are able to use certificate templates and Group Policy Objects for autoenrollment and storing digital certificates in Active Directory, making them the correct answer.

Explanation

Enterprise CAs are able to use certificate templates and Group Policy Objects for autoenrollment and storing digital certificates in Active Directory, making them the correct answer.

9. Can CAs exist in a hierarchical structure consisting of a subordinate CA and one or more root CAs beneath the root?

FALSE

Not enough information provided

Partially TRUE

TRUE

Certificate Authorities (CAs) do not exist in a hierarchical structure where root CAs have subordinate CAs beneath them.

Explanation

Certificate Authorities (CAs) do not exist in a hierarchical structure where root CAs have subordinate CAs beneath them.

10. What are small physical devices on which a digital certificate is installed that are usually the size of a credit card or keychain fob?

RSA SecureID

Smart cards

USB drives

RFID chips

Smart cards are commonly used to securely store digital certificates and are portable and convenient for users to carry around. RSA SecureID is a form of two-factor authentication but not necessarily a small physical device for storing digital certificates. USB drives and RFID chips are not specifically designed to store digital certificates in the same way that smart cards are.

Explanation

Smart cards are commonly used to securely store digital certificates and are portable and convenient for users to carry around. RSA SecureID is a form of two-factor authentication but not necessarily a small physical device for storing digital certificates. USB drives and RFID chips are not specifically designed to store digital certificates in the same way that smart cards are.