12. b. Most commonly, the certificate revocation lists (CRLs) are distributed via lightweight directory access protocol (LDAP) directories or Web servers. The certificate management protocol (CMP) and HTTP uniform resource locators (HTTP URLs) are not used to distribute CRLs. Both the LDAP and HTTP URLs are used to specify the location of CRLs. Both certification authority (CA) and registration authority (RA) software support the use of a certificate management protocol (CMP). An LDAP is a centralized directory that becomes a major focal point as a tool for access control.
13. Which of the following is generally the most difficult method of attacking a computer system?
a. Password cracking
b. Packet sniffing
c. Encryption key breaking
d. Sendmail
13. c. Encryption key breaking is not a common attack method because it is difficult and may take years. It requires extensive knowledge of algorithms, hardware, and software that few people possess. Password cracking involves guessing a password, which can then be used to gain access to a system. Packet sniffing involves placing a rogue program in a host computer or in a network switch; the program then monitors all information packets as they pass through the network. Malicious code can be sent along with Internet-based e-mail, and when the message is received, the attacker’s code is executed.
14. Which of the following does not need to be destroyed after the corresponding certificate expires?
a. Old key pairs
b. Private key establishment key
c. Private signature keys
d. Public keys
14. b. The user should not destroy the private key establishment key until all symmetric keys established using this key have been recovered or protected by encryption under a different key. Premature destruction of private key establishment keys may prevent recovery of the subscriber’s plaintext data. The keys in the other three choices can be destroyed safely.
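The rule in the answer above, that a private key establishment key must outlive every symmetric key that still depends on it, is easy to enforce mechanically. The following is an added example written for this page (not code from the source); it keeps a small ledger of key-establishment keys and the symmetric keys wrapped under them, and refuses to destroy a key-establishment key while any dependent symmetric key has not yet been recovered or re-protected under another key. The wrap/unwrap routine is a constructed stand-in (an HMAC-SHA256 keystream XORed over the key) for a real key-establishment scheme; the identifiers `kek-2023`, `session-1` and so on are sample values, not from the page.

```python
"""Added example, not from the source: a key-management ledger that enforces
the pre-destruction check for private key-establishment keys. The wrap/unwrap
below is a constructed stand-in (HMAC-SHA256 keystream XOR) for a real
key-establishment scheme; the point is the dependency check, not the cipher."""
import hashlib
import hmac
import secrets


def _keystream(kek: bytes, label: bytes, n: int) -> bytes:
    """Derive n bytes of keystream from the key-establishment key and a label."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(kek, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def wrap(kek: bytes, sym_key: bytes, label: bytes) -> bytes:
    """Protect a symmetric key under kek (XOR with keystream; stand-in only)."""
    return bytes(a ^ b for a, b in zip(sym_key, _keystream(kek, label, len(sym_key))))


unwrap = wrap  # XOR with the same keystream recovers the symmetric key


class KeyLedger:
    def __init__(self) -> None:
        self.keks: dict[str, bytes] = {}                 # id -> private key-establishment key
        self.wrapped: dict[str, tuple[str, bytes]] = {}  # sym id -> (kek id, wrapped key)
        self.recovered: dict[str, bytes] = {}            # sym id -> plaintext symmetric key

    def add_kek(self, kek_id: str) -> None:
        self.keks[kek_id] = secrets.token_bytes(32)

    def establish(self, sym_id: str, kek_id: str) -> bytes:
        """Create a symmetric key and retain it only in wrapped form under kek_id."""
        sym = secrets.token_bytes(32)
        self.wrapped[sym_id] = (kek_id, wrap(self.keks[kek_id], sym, sym_id.encode()))
        return sym

    def dependents(self, kek_id: str) -> list[str]:
        """Symmetric keys still recoverable only through this key-establishment key."""
        return sorted(s for s, (k, _) in self.wrapped.items() if k == kek_id)

    def recover(self, sym_id: str) -> bytes:
        """Recover a symmetric key to plaintext (to be protected elsewhere)."""
        kek_id, blob = self.wrapped.pop(sym_id)
        self.recovered[sym_id] = unwrap(self.keks[kek_id], blob, sym_id.encode())
        return self.recovered[sym_id]

    def rewrap(self, sym_id: str, new_kek_id: str) -> None:
        """Move protection of a symmetric key to a different key-establishment key."""
        old_kek_id, blob = self.wrapped[sym_id]
        sym = unwrap(self.keks[old_kek_id], blob, sym_id.encode())
        self.wrapped[sym_id] = (new_kek_id, wrap(self.keks[new_kek_id], sym, sym_id.encode()))

    def destroy_kek(self, kek_id: str) -> None:
        """Refuse destruction while any symmetric key still depends on this key."""
        deps = self.dependents(kek_id)
        if deps:
            raise RuntimeError(f"cannot destroy {kek_id}: still protecting {deps}")
        del self.keks[kek_id]  # a real keystore/HSM would zeroize the material here


def demo() -> dict:
    """Walk the lifecycle: premature destruction is blocked, orderly destruction succeeds."""
    ledger = KeyLedger()
    ledger.add_kek("kek-2023")
    ledger.add_kek("kek-2024")
    k1 = ledger.establish("session-1", "kek-2023")
    ledger.establish("session-2", "kek-2023")
    try:
        ledger.destroy_kek("kek-2023")   # two symmetric keys still depend on it
        blocked = False
    except RuntimeError:
        blocked = True
    recovered_ok = ledger.recover("session-1") == k1   # recover one key...
    ledger.rewrap("session-2", "kek-2024")             # ...re-protect the other
    ledger.destroy_kek("kek-2023")                     # now nothing depends on it
    return {"blocked": blocked, "recovered_ok": recovered_ok,
            "kek_2023_gone": "kek-2023" not in ledger.keks,
            "session2_under": ledger.wrapped["session-2"][0]}


if __name__ == "__main__":
    print(demo())
```

The `dependents()` query is the check worth carrying into a real key-management procedure: a destruction request for a key-establishment key should be rejected until that list is empty, regardless of whether the corresponding certificate has already expired.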
15. Which of the following provides end-to-end security to protect information on the Internet?
a. DES and RC2
b. TLS and SSL
c. HTTP and HTTPS
d. TDEA and AES
15. b. The transport layer security (TLS) and secure sockets layer (SSL) protocols are the primary end-to-end security protocols used to protect information on the Internet. TLS is an enhanced version of SSL; the two protocols are similar but not identical. TLS is a robust protocol used to protect various links, such as the link from an authentication server to a wireless access point, the electronic mail link between client and server, or dedicated network infrastructure applications primarily involving machines with no human user involvement.
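Whether a TLS session actually provides the end-to-end protection described above depends on how the client is configured. The following is an added example written for this page (not code from the source), using Python's standard `ssl` module: a weak client context that verifies nothing and accepts whatever protocol version the library still offers is shown beside a hardened one that verifies the server against the platform trust store and refuses anything below TLS 1.2, and an `audit()` helper (an assumed name, not a library API) reports what a given context gets wrong. No network connection is made.

```python
"""Added example, not from the source: weak vs. hardened TLS client contexts
built with Python's standard ssl module, plus an audit of their settings."""
import ssl


def weak_client_context() -> ssl.SSLContext:
    """An 'accept anything' client: no verification, any protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE       # server may present any certificate
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # whatever OpenSSL allows
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Verify the server against the platform trust store and require TLS 1.2+."""
    ctx = ssl.create_default_context()    # CERT_REQUIRED, hostname checking, system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION  # TLS-level compression is not wanted
    return ctx


def audit(ctx: ssl.SSLContext) -> list[str]:
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2 (SSL 3.0 / TLS 1.0 / 1.1 negotiable)")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()), ("hardened", hardened_client_context())):
        print(name, audit(ctx) or "OK")
```

`create_default_context()` already turns on certificate and hostname verification; the explicit `minimum_version` line is what rules out SSL 3.0 and the early TLS versions regardless of the interpreter's defaults. The `audit()` function is the kind of check to run over every context an application constructs, since a single `CERT_NONE` anywhere silently removes the end-to-end guarantee.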
16. Which of the following are examples of mandatory-to-implement cryptographic algorithms that do not provide adequate security over computer networks?
a. AES or 3-TDEA
b. RSA or ECDSA
c. DES or RC2
d. DH or ECDH
16. c. Mandatory-to-implement cryptographic algorithms will be present in any cryptographic product that meets the public standards (for example, IETF RFCs and ANSI standards), enabling interoperability between products. AES is an optional-to-implement algorithm now that could become mandatory-to-implement in the future. DES and RC2 are mandatory and do not provide adequate security. DH is the Diffie-Hellman algorithm, which is used to provide key agreement. ECDH is the elliptic curve Diffie-Hellman algorithm, which is used to support key establishment; 3-TDEA is three-key TDEA; RSA is a public-key algorithm, whereas ECDSA is a digital signature algorithm.
17. Which of the following should not be used during a transport layer security (TLS) session between a client and a server?
a. DH key agreement
b. RSA key transport
c. Ephemeral DH key
d. Static-to-static DH key agreement