Public Key Infrastructure (PKI)


Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates? PKI

A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as: CA

Which of the following certificate formats is used to store a binary representation of a digital certificate? DER

A digital certificate which allows multiple domains to be protected by a single certificate is known as: Subject Alternative Name (SAN) certificates

Which digital certificate type allows multiple subdomains to be protected by a single certificate? Wildcard certificate

The term "Certificate chaining" refers to a process of verifying the authenticity of a newly received digital certificate. This process involves checking all of the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate's chain is properly issued and valid. True

Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow. True

A trusted third-party storage solution providing a backup source for cryptographic keys is referred to as: Key escrow

Which of the answers listed below refer to examples of PKI trust models? All of the above

A security mechanism that allows HTTPS websites to resist impersonation by attackers using fraudulent certificates is called: HTTP Public Key Pinning (HPKP)

Which of the following allows for checking digital certificate revocation status without contacting the Certificate Authority (CA)? OCSP stapling

Which of the answers listed below refers to a method for requesting a digital certificate? CSR

What is the fastest way to validate a digital certificate? OCSP

Which of the following solutions make it possible to check whether a digital certificate has been revoked? CRL, OCSP

Which digital certificate formats are commonly used to store private keys? PFX, P12

Which of the answers listed below refers to the most common format in which Certificate Authorities (CA) issue certificates? PEM