163. c. Trusted third parties, who are independent of the certification and registration authorities and subscribers and who are employed by independent audit or consulting organizations are good candidates to conduct security evaluations (for example, reviews and audits) of the PKI systems and procedures. A written report is published after the security evaluation. A certification authority is a person or institution that is trusted and can vouch for the authenticity of a public key. The authority can be a principal or a government agency that is authorized to issue a certificate. A registration authority manages the certificate life cycle in terms of maintenance and revocation. Subscribers include both individuals and business organizations that use the certificate in their businesses.
164. Which of the following statements is not true about Secure Sockets Layer (SSL)?
a. It uses both symmetric and asymmetric key cryptography.
b. It is used to perform authentication.
c. It is a point-to-point protocol.
d. It is a session-oriented protocol.
164. c. Secure sockets layer (SSL) uses a combination of symmetric and asymmetric key cryptography to perform authentication and encryption services. It is a session-oriented protocol used to establish a secure connection between the client and the server for a particular session. SSL is not a point-to-point protocol.
165. The two protocol algorithms used in cryptographic applications for compressing data are which of the following?
a. SHA1 and MD5
b. 3DES and IDEA
c. DSA and DSS
d. RSA and SKIPJACK
165. a. The secure hash algorithm (SHA1) produces a 160-bit hash of the message contents. Message digest 5 (MD5) produces a 128-bit hash of the message contents. Many cryptographic applications generate and process both SHA1 and MD5. These are faster and take less space to store data. The algorithms mentioned in the other three choices do not have the ability to compress data. 3DES uses a 168-bit key.
166. Which of the following statements is not true about asymmetric-key cryptography?
a. It is used to provide an authentication service.
b. It is used to provide a digital signature service.
c. It can be used to encrypt large amounts of data.
d. It can be used to provide nonrepudiation service.
166. c. A disadvantage of asymmetric-key cryptography is that it is much slower than symmetric-key cryptography and is therefore impractical or efficient for use in encrypting large amounts of data. The other three choices are examples of advantages of using the asymmetric-key cryptography.
167. What is the major purpose of a digital certificate?
a. To achieve the availability goal
b. To maintain more information on the certificate
c. To verify the certificate authority
d. To establish user and device authentication
167. d. Digital certificates are used as a means of user and device authentication. Entities can prove their possession of the private key by digitally signing known data or by demonstrating knowledge of a secret exchanged using public-key cryptographic methods.
168. For integrity protection, most Internet Protocol security (IPsec) implementations use which of the following algorithms?
1. SHA-1
2. MD5
3. HMAC-SHA-1
4. HMAC-MD5
a. 1 only
b. 2 only
c. 1 and 2
d. 3 and 4
168. d. Both HMAC-SHA-1 and HMAC-MD5 algorithms are stronger than SHA-1 or MD5, either alone or together, because they use hash-based message authentication codes (HMACs). Both the SHA-1 and MD5 algorithms are weaker by themselves.
169. Which of the following methods provide the highest level of security to protect data access from unauthorized people?
a. Encryption
b. Callback or dial-back systems
c. Magnetic cards with personal identification number
d. User ID and password
169. a. Encryption provides the highest level of security to protect data access from unauthorized people. It is the process of transforming data to an unintelligible form in such a way that the original data either cannot be obtained (one-way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption). It is difficult to break the encryption algorithm and the keys used in that process.
