Question list
1
Which of the following is NOT part of the initialization stage in key/certificate management?
Certificate retrieval
2
What action occurs during the 'Issued' stage of certificate management?
Certificate validation
3
What defines the timeframe during which a certificate is valid and trusted?
Start and end date
4
Which of the following is a reason a certificate may be revoked before its expiration?
Issuing CA was compromised
5
According to RFC 5280, what are the two main revocation states for a certificate?
Revoked and hold
6
What does the 'Hold' state indicate in certificate revocation?
The certificate may be revalidated after investigation
7
What is the typical maximum validity period for a Certificate Revocation List (CRL)?
24 hours
8
How is a CRL validated?
By verifying its signature using the CA’s public key
9
Which of the following is an online alternative to using a CRL for certificate status validation?
OCSP
10
Which of the following is NOT a common tunneling protocol?
FTP
11
What was a major flaw of SSL v2 that made connections insecure?
Use of export-grade cipher suites
12
What size key was typically used in export-grade cipher suites under SSL v2?
40-bit
13
Which of the following is NOT a known SSL/TLS vulnerability?
TUNNEL
14
In SSL/TLS, which methods are used to create a secure tunnel and signature?
Symmetric encryption and hashing
15
What is the primary purpose of a VPN tunnel?
Connect a host to a trusted network over a public network
16
Which two mechanisms are used in IPSec?
ESP and AH
17
What are the two main phases in setting up an IPSec connection?
Key exchange and tunnel policy definition
18
What port does the IPSec handshake use for key exchange?
UDP 500
19
What IP protocol numbers correspond to ESP and AH respectively?
50 and 51
20
What best describes IPsec transport mode?
End-to-end encryption across the network
21
What is the main difference with IPsec tunnel mode?
Tunnel traffic is visible at both ends
22
What does onion routing use to route internet traffic?
Volunteer computers
23
How does the Tor network improve anonymity online?
It uses global volunteer nodes with multiple hops
24
What is the purpose of a key escrow in cryptography?
To keep a copy of the encryption key for government access
25
What does NOBUS stand for in the context of backdoors?
Nobody But Us
26
What is a chosen-ciphertext attack?
Sending data to be encrypted and then analyzing it
27
What is the goal of a cut-and-paste attack?
Combining parts of messages to create a new malicious message
28
What does a time resetting attack exploit?
Time used in key generation
29
What is a time attack in cryptography?
Calculating time taken to decrypt a message
30
Which is NOT a weakness of AES itself, but rather due to poor implementation?
Vulnerability to FREAK / Brute force attacks
31
What is a major known weakness of RSA?
Susceptible to numerous known attacks
32
What is a key escrow system used for in cryptography?
Storing a copy of encryption keys for government use
34
What does the term NOBUS backdoor stand for?
Nobody But Us
35
Which attack involves trying every possible key to decrypt a message?
Exhaustive search
36
What is required for a known plaintext attack to work?
Both ciphertext and part of the corresponding plaintext
37
Which attack involves impersonating two parties by placing the attacker in between them?
Man-in-the-middle
38
In a chosen-ciphertext attack, what does the attacker do?
Send a message to be encrypted, then analyze the ciphertext
39
Which attack involves modifying or inserting messages into a communication stream?
Active attack
40
How does a time attack work?
By measuring how long it takes to decrypt a message
41
Which of the following is NOT a weakness of AES itself, but rather due to poor implementation?
Lack of key rotation
42
Which encryption method is known to be susceptible to several known attacks and weaknesses?
RSA