8. a. A nonce is a time-varying and nonrepeating cryptographic value that uses a timestamp, a sequence number, or a combination of these, which are freshly generated random values. Checksums and check digits are used to ensure data accuracy during data entry and data transmission. A payload is the part of the data stream representing the user information in a communication. A protocol is a set of rules used by two or more entities that describe the message order and data structures for information exchange between the entities. A public key is a cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and that may be made public. A private key is a cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and that is not made public.

9. For cryptography, which of the following protects the integrity of the data but does not guarantee authenticity of the information?

a. X.509 public key certificate

b. Public key certificate

c. Private key certificate

d. Self-signed certificate

9. d. A self-signed certificate is a public key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the data but does not guarantee authenticity of the information. The trust of a self-signed certificate is based on the secure procedures used to distribute it.

The X.509 certificate comes in two types: X.509 public key certificate (most common) and the X.509 attribute certificate (less common). A public key certificate is a set of data that uniquely identifies an entity and binds the public key to the entity. The private key is mathematically linked with a corresponding public key.

10. Which of the following is an example of optional-to-implement cryptographic algorithms that provide greater security?

a. DES

b. RSA-512 bit key

c. AES-128 bit key

d. RC2

10. c. The AES-128 bit key is an example of an optional-to-implement encryption algorithm that provides greater security. Other variants of AES include AES-192 bit keys and AES-256 bit keys. The DES algorithm, RC2, and the RSA-512 bit key do not provide adequate security. DES and RC2 are examples of mandatory-to-implement encryption algorithms that do not provide adequate security. Mandatory-to-implement algorithms will be in any product that meets the public standards, enabling interoperability between products. Optional-to-implement algorithms are next-generation algorithms with improved security that could increase the longevity of a system.

11. Which of the following enables one to locate organizations, individuals, files, and devices in a network whether on the Internet or on a corporate intranet?

a. Online certificate status protocol (OCSP)

b. Certificate management protocol (CMP)

c. Lightweight directory access protocol (LDAP)

d. Over-the-air rekeying protocol (OTAR)

11. c. A lightweight directory access protocol (LDAP) is a centralized directory that becomes a major focal point as a tool for access control. It uses names, addresses, groups, roles, devices, files, and profiles to enable a modular, expandable access control and single sign-on solution to be deployed rapidly for all application systems.

The other three choices do not have the capabilities that LDAP does. An online certificate status protocol (OCSP) responder is a trusted system and provides signed status information, on a per-certificate basis, in response to a request from a relying party. Both certification authority (CA) and registration authority (RA) software support the use of a certificate management protocol (CMP). An over-the-air rekeying (OTAR) protocol is used in digital radios to handle cryptographic security. LDAP, CRLs, and OCSP are used to provide path validation in a public-key certificate.

12. Most commonly, what are certificate revocation lists (CRLs) distributed through?

1. Certificate management protocol

2. LDAP directories protocol

3. Web servers

4. HTTP URLs

a. 1 or 2

b. 2 or 3

c. 1 or 3

d. 3 or 4
