Digital Certificates

Questions and Answers

Which of the following is NOT a component of a digital certificate?

• Private key (correct)
• Certificate owner's information
• Name of the issuing CA
• Public key and its associated algorithm

What is the purpose of revoking a public key?

• To extend its validity period
• To distribute it widely
• To avoid impersonation attacks (correct)
• To increase its algorithm strength

How are public keys typically distributed?

• On the owner's website
• Via email
• Certificate servers or directory servers (correct)
• All of the above

What is a fingerprint (thumbprint) of a digital certificate?

A hash of the certificate in hexadecimal format for easier manual checks (A)

What is a Certification Authority (CA) and a Registration Authority (RA) collectively known as?

Public Key Infrastructure (PKI) (C)

What is the purpose of Domain Validation in certificate validation?

To check if you control the domain (C)

What is the purpose of Extended Validation in certificate validation?

To perform extensive checks on the organization (D)

What is the purpose of Organisation Validation (OV) in certificate validation?

To check the existence of the organization owning the domain (A)

How do browsers verify the authenticity of a website's certificate?

By verifying the issuing CA's signature on the certificate using the CA's public key (B)

What is the purpose of Certificate Revocation Lists (CRL)?

To communicate revoked certificates (A)

What is the recommended method for storing private keys for individuals?

Encrypted save on a computer's hard drive using a passphrase (A)

What is the purpose of Hardware Security Modules (HSM) or Trusted Platform Modules (TPM) in storing private keys for organizations?

To store private keys and perform cryptographic computations (D)

Which of the following is NOT a component of a digital certificate?

Private key (C)

What is the purpose of revoking a public key?

To avoid impersonation attacks (C)

How are public keys typically distributed?

Certificate servers or directory servers (A)

What is a fingerprint (thumbprint) of a digital certificate?

A hash of the certificate in hexadecimal format for easier manual checks (D)

What is a Certification Authority (CA) and a Registration Authority (RA) collectively known as?

Public Key Infrastructure (PKI) (A)

What is the purpose of Domain Validation in certificate validation?

To check if you control the domain (A)

What is the purpose of Extended Validation in certificate validation?

To perform extensive checks on the organization (D)

What is the purpose of Organisation Validation (OV) in certificate validation?

To check the existence of the organization owning the domain (A)

How do browsers verify the authenticity of a website's certificate?

By verifying the issuing CA's signature on the certificate using the CA's public key (D)

What is the purpose of Certificate Revocation Lists (CRL)?

To communicate revoked certificates (C)

What is the recommended method for storing private keys for individuals?

Encrypted save on a computer's hard drive using a passphrase (B)

What is the purpose of Hardware Security Modules (HSM) or Trusted Platform Modules (TPM) in storing private keys for organizations?

To store private keys and perform cryptographic computations (B)

Which of the following is the purpose of revoking a public key?

To prevent impersonation or man-in-the-middle attacks (C)

What is a digital certificate?

A document that contains the public key, algorithm, and information about the key owner's identity (A)

What is the purpose of a fingerprint (thumbprint) in a digital certificate?

To provide a hash of the certificate in hexadecimal format for easier manual checks (C)

Which of the following is a method for distributing public keys?

All of the above (B)

What is the purpose of a Certification Authority Public Key Infrastructure?

To create and issue digital certificates (C)

What are the levels of certificate validation?

Domain Validation, Organisation Validation (OV), Extended Validation (EV) (C)

What are the components of an X.509 certificate?

Version number, serial number, issuing CA name, validity period, public key, algorithm for the CA's signature, digital signature of the CA (D)

How do browsers verify the authenticity of a website's certificate?

By checking the issuing CA and verifying its signature on the certificate using the CA's public key (D)

What is the purpose of a Certificate Revocation List (CRL)?

To post revoked certificates on certificate servers (A)

What is the recommended way to store private keys for individuals?

On a smartcard/USB token; optionally combined with a PIN/passphrase or biometric identification (B)

What is the purpose of a Hardware Security Module (HSM) or Trusted Platform Module (TPM)?

To store private keys and perform cryptographic computations for organizations (C)

What is the purpose of a Registration Authority (RA) in a Certification Authority Public Key Infrastructure?

To verify the identity of the public key owner (D)

What is the purpose of digital certificates?

To provide a secure way of distributing and verifying public keys.

What is the risk of not properly managing public keys?

Impersonation or man-in-the-middle attacks.

Why is revoking a public key important?

To prevent the use of a compromised private key.

What is the purpose of an expiry date on a public key?

To ensure that keys are regularly updated and not used indefinitely.

What information is included in a digital certificate?

Public key, algorithm, key owner's identity, and digital signatures.

What is the purpose of a fingerprint (thumbprint) of a digital certificate?

To provide an easily verifiable hash of the certificate.

What are the methods for distributing public keys?

Manual distribution, website publication, certificate servers/directory servers.

What is a Certification Authority Public Key Infrastructure composed of?

A Certification Authority (CA) and a Registration Authority (RA).

What is the process for creating a digital certificate?

Creating a public-private key pair, submitting public key to a CA, RA verifies owner's identity, CA issues certificate digitally signed using private key.

What are the three levels of certificate validation?

Domain Validation, Organisation Validation (OV), and Extended Validation (EV).

What components are included in an X.509 certificate?

Version number, certificate serial number, issuing CA name, validity period, owner's information, public key and associated algorithm, algorithm for CA's signature, and digital signature of the CA.

What is the purpose of Certificate Revocation Lists (CRL)?

To list revoked certificates that should no longer be trusted.

Flashcards are hidden until you start studying