a. Owner name
b. Public key
c. Effective dates for keys
d. Insurance company name
158. d. The information on the digital certificate includes the owner name, public key, and start and end dates of its validity. The certificate should not contain any owner information that changes frequently (for example, the insurance company name).
159. What is the major requirement for a public key certification authority?
a. It must be independent.
b. It must have a proper contract.
c. It must be trusted.
d. It must have a good reputation.
159. c. A public key certificate is a credential that binds a key pair and the identity of the owner of the key (i.e., to a legal person). The necessary trust may come from several sources such as the role and independence of the certification authority, reputation, contract, management integrity, and other legal obligations.
160. Which of the following statements is true about elliptic curve cryptography?
a. It uses an asymmetric-key algorithm.
b. It competes with the Whitfield-Diffie algorithm.
c. It competes with the digital signature algorithm.
d. It uses a symmetric-key algorithm.
160. a. The elliptic curve is well suited for low bandwidth systems and uses an asymmetric-key algorithm for encryption. The Rivest, Shamir, and Adelman (RSA) and elliptic curve algorithms are used for encryption, where the latter is a new one with shorter key lengths and is less computationally intensive. The Whitfield-Diffie algorithm is used for secure key exchange. The digital signature algorithm is used only for digital signatures. Both Whitfield and digital signatures do not compete with elliptic curve.
161. What is the best way to encrypt data?
a. Bulk encryption
b. Link encryption
c. Transaction encryption
d. End-to-end encryption
161. b. There are two modes of implementation of encryption in a network, namely link (online) and end-to-end. Link encryption encrypts all the data along a communications path (for example, a satellite link, telephone circuit, or T1 line) and encrypts both headers and trailer of the packet, which is the best thing to do. It provides good protection against external threats such as traffic analysis because all data flowing on links can be encrypted, including addresses and routing information. Although a major advantage of link encryption is that it is easy to incorporate into network protocols at the lower levels of the OSI model, a major disadvantage is that it encrypts and decrypts a message several times at each link or node in the clear text, thus leading to node compromise.
Bulk encryption is simultaneous encryption of all channels of a multichannel telecommunications trunk. Transaction encryption is used in the payment card industry, perhaps using secure electronic transaction (SET) protocol for secure transactions over the Internet.
In end-to-end encryption, a message is encrypted and decrypted only at endpoints, does not encrypt headers and trailers, and operates at the higher levels of the OSI model, thereby largely circumventing problems that compromise intermediate nodes. In this type of encryption, routing information remains visible and is a potential risk.
162. What is the correct sequence of keys in a triple data encryption standard (3DES) algorithm operating with three keys?
a. Encrypt-decrypt-encrypt
b. Decrypt-encrypt-decrypt
c. Encrypt-encrypt-encrypt
d. Decrypt-decrypt-decrypt
162. c. With three keys operating, the sequence is encrypt-encrypt-encrypt, that is, one key is used for each mode of operation. Encrypt-decrypt-encrypt is incorrect because it is an example of operating with two keys where the first key is used to encrypt, the second key is to decrypt, and the first key again to encrypt. The other two choices are not meaningful here.
163. Which of the following is best qualified to evaluate the security of Public Key Infrastructure (PKI) systems and procedures?
a. Certification authorities
b. Registration authorities
c. Trusted third parties
d. Subscribers
