60. b. In general, protocols and applications are designed to use cryptographic algorithms from one mathematical family. For most uses, digital signature keys and key establishment keys should provide consistent cryptographic strength. For example, applications that encounter certificates with elliptic curve digital signature algorithm (ECDSA) digital signatures would expect to use elliptic curve Diffie-Hellman (ECDH) for the key establishment key. Rivest, Shamir, and Adleman (RSA) is not compatible with ECDSA, whereas it is compatible with DH. It is advisable that users obtain an authentication type key, a digital signature key, and a key establishment key that are complementary in nature to ensure that the keys can be used together in protocols and applications. Complementary algorithms for public keys enhance interoperability.
61. Which of the following is the major reason for the transport layer security (TLS) protocol to provide end-to-end reliable delivery of data and messages?
a. Cyclical redundancy checks
b. Message reassembly
c. Forward error correction technique
d. Message fragmentation
61. b. Reliable delivery of data implies that all messages presented to the sending TCP/IP stack are delivered in proper sequence by the receiving TCP/IP stack. These messages may be broken up into packets and fragmented or segmented as they are sent and routed through any arrangement of local-area, wide-area, or metropolitan-area networks. During routing through networks, data are augmented with cyclical redundancy checks or forward error correction techniques to help ensure that the delivered messages are identical to the transmitted messages. Reliable delivery means that the messages are properly reassembled and presented in proper sequence to the peer protocol TLS entity. Here, the TLS relies on the communications functionality of the OSI/ISO lower layer protocols.
62. The transport layer security (TLS) protocol version 1.1 mandates the use of which of the following cipher suites?
a. TLS and DES with RC4-40, RC2-CBC-40, and DES-40
b. TLS and DHE-DSA with 3DES-EDE-CBC and SHA-1
c. TLS and DHE-DSS with 3DES-EDE-CBC and SHA-1
d. TLS and RSA with 3DES-EDE-CBC and SHA-1
62. d. TLS version 1.1 mandates the use of the TLS and RSA with 3DES-EDE-CBC and SHA-1 cipher suite, which is also the more commonly used one. The DES with RC4-40, RC2-CBC-40, and DES-40 suites cannot be combined with TLS because the algorithm is deprecated. The TLS and DHE-DSA with 3DES-EDE-CBC and SHA-1 suite is not often used. TLS version 1.0 uses the TLS and DHE-DSS with 3DES-EDE-CBC and SHA-1 suite.
63. The transport layer security (TLS) protocol’s security specification for ensuring the confidentiality goal is:
a. Rivest, Shamir, and Adleman (RSA)
b. Digital signature algorithm (DSA)
c. Triple-data encryption standard (3DES) using encryption-decryption-encryption (EDE) and cipher block chaining (CBC)
d. Message digest 5 (MD5)
63. c. The transport layer security (TLS) protocol’s security specification for ensuring the confidentiality goal is 3DES-EDE-CBC. RSA is used for key establishment, a DSA is used for digital signatures, and MD5 is used for hash function purposes.
64. What is a digital certificate?
a. A password-protected file
b. An encrypted file
c. A password-protected and encrypted file
d. A password-protected and modem-protected file
64. c. A digital certificate is a password-protected and encrypted file that contains identification information about its holder. It is not a modem-protected file.
65. Most commonly used X.509 certificates do not refer to which of the following?
a. Tamper-evident envelope
b. Attribute certificate
c. Public key certificate
d. Basic certificate content
65. b. The ISO/ITU-T X.509 standard defines two types of certificates: the X.509 public key certificate and the X.509 attribute certificate. Most commonly, an X.509 certificate refers to the X.509 public key certificate. The public key certificate contains three nested elements: (i) the tamper-evident envelope (digitally signed by the source), (ii) the basic certificate content (for example, identifying information and public key), and (iii) extensions that contain optional certificate information. The X.509 attribute certificate is less commonly used.
66. Which of the following features of Secure Hypertext Transfer Protocol (S-HTTP) achieves higher levels of protection?