114. c. During the post-operational phase, keying material is no longer in operational use, but access to the keying material may still be possible. A key management archive is a repository containing keying material and other related information of historical interest. Not all keying material needs to be archived. For example, passwords that change often need not be archived because storing passwords for the keys can increase the risk of disclosure.

Initialization vector is incorrect because it can be archived. It can be retained until it’s no longer needed to process the protected data. An initialization vector is a vector used in defining the starting point of a cryptographic process. Audit information can be archived and can be retained until no longer needed. Domain parameters are incorrect because they can be archived. These parameters can be retained until all keying material, signatures, and signed data using the domain parameters are removed from the archive.

115. Regarding cryptographic key management systems, which of the following require frequent audits?

a. Security plans

b. Security procedures

c. Human actions

d. Protective mechanisms

115. c. On a more frequent basis, the actions of the humans who use, operate, and maintain the system should be reviewed to verify that they continue to follow established security procedures. Strong cryptographic systems can be compromised by lax and inappropriate human actions. Highly unusual events should be noted and reviewed as possible indicators of attempted attacks on the system.

Security plans, security procedures, and protective mechanisms are incorrect because they are considered as part of the human actions audit and they continue to support the cryptographic key management policy.

116. Regarding cryptographic key management system survivability, which of the following keys need to be backed up to decrypt stored enciphered information?

1. Master keys

2. Key encrypting key

3. Public signature verification keys

4. Authorization keys

a. 1 only

b. 3 only

c. 4 only

d. 1, 2, 3, and 4

116. d. Without access to the cryptographic keys that are needed to decrypt information, organizations risk losing their access to that information. Consequently, it is prudent to retain backup copies of the keys necessary to decrypt stored enciphered information, including master keys, key encrypting keys, public signature verification keys, and authorization keys. These items should be stored until there is no longer any requirement for access to the underlying plain text information.

117. Which of the following is not a critical component of a cryptographic key management system?

a. Point-to-point environment

b. Key distribution center environment

c. Key translation center environment

d. Key disclosure center environment

117. d. A cryptographic key management system must have three components to operate: a point-to-point environment, a key distribution center environment, and a key translation center environment. A key disclosure center environment is not relevant here.

118. Which of the following is not used to obtain nonrepudiation service?

a. Digital signatures

b. Digital message receipts

c. Integrity checks

d. Timestamps

118. c. Nonrepudiation services are obtained by employing various techniques or mechanisms such as digital signatures, digital message receipts, and timestamps, not integrity checks. Integrity checks are used with operating systems.

119. In cryptographic key management, key zeroization means which of the following?

a. Key recovery

b. Key regeneration

c. Key destruction

d. Key correction

119. c. Key zeroization means key destruction. It is a method of erasing electronically stored keys by altering the contents of key storage so as to prevent the recovery of keys. The other three choices do not need key zeroization. Key recovery is a function in the life cycle of keying material in that it allows authorized entities to retrieve keying material from the key backup or archive. Key regeneration and key correction are needed when a key is compromised.

120. Which of the following binds the identity of a user to his public key?

a. Private key technology and digital certificates

b. Symmetric key technology and digital signatures

c. Public key technology and digital certificates

d. Cryptographic key technology and electronic signatures
