Module 17: Quiz – Configure Network and Device Security (Answers) Network Security

1. What are the two important components of a public key infrastructure (PKI) used in network security? (Choose two.)

  • digital certificates
  • pre-shared key generation
  • intrusion prevention system
  • certificate authority
  • symmetric encryption algorithms

Explanation: A public key infrastructure uses digital certificates and certificate authorities to manage asymmetric key distribution. PKI certificates are public information. The PKI certificate authority (CA) is a trusted third party that issues the certificate. The CA has its own certificate (self-signed certificate) that contains the public key of the CA.

2. What is the purpose of code signing?

  • integrity of source .EXE files
  • data encryption
  • source identity secrecy
  • reliable transfer of data

Explanation: Code signing is used to verify the integrity of executable files downloaded from a vendor website. Code signing uses digital certificates to authenticate and verify the identity of a website.

3. Which statement describes the use of certificate classes in the PKI?

  • Email security is provided by the vendor, not by a certificate.
  • The lower the class number, the more trusted the certificate.
  • A vendor must issue only one class of certificates when acting as a CA.
  • A class 5 certificate is more trustworthy than a class 4 certificate.

Explanation: The higher the certificate class number, the more trustworthy the certificate. Class 1 certificates are for individuals, with a focus on email verification. An enterprise can act as its own CA and implement PKI for internal use. In that situation, the vendor can issue certificates as needed for various purposes.

4. What role does an RA play in PKI?

  • a root CA
  • a super CA
  • a subordinate CA
  • a backup root CA

Explanation: A registration authority (RA) is a subordinate CA. It is certified by a root CA to issue certificates for specific uses.

5. Which protocol uses X.509 certificates to support mail protection performed by mail agents?

  • IPsec
  • SSL
  • S/MIME
  • EAP-TLS

Explanation: Many applications use the X.509 standard format of digital certificates to authenticate websites, public key distribution, and end devices connected to switch ports. User email agents use the S/MIME protocol to support email protection. S/MIME uses X.509 certificates.

6. What protocol is used to query the revocation status of an X.509 certificate?

  • SSL
  • EAP
  • OCSP
  • LDAP

Explanation: Online Certificate Status Protocol (OCSP) is an internet protocol used to query an OCSP server for the revocation status of an X.509 digital certificate.

7. In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks?

  • HTTPS traffic does not require authentication.
  • HTTPS traffic enables end-to-end encryption.
  • HTTPS traffic is much faster than HTTP traffic.
  • HTTPS traffic can carry a much larger data payload than HTTP can carry.

Explanation: HTTPS enables end-to-end encrypted network communication, which adds further challenges for network administrators to monitor the content of packets to catch malicious attacks.

8. Which technology is used to provide assurance of the authenticity and integrity of software code?

  • public key infrastructures
  • block ciphers
  • certificate authorities
  • digital signatures

Explanation: Digital signatures are commonly used to provide assurance of the authenticity and integrity of software code. Executable files are wrapped in a digitally signed envelope, which allows the end user to verify the signature before installing the software.

9. Which CA class of digital certificates would be used by individuals to perform email verification?

  • 1
  • 0
  • 2
  • 3

Explanation: The CA class number determines how rigorous the procedure was that verified the identity of the holder when the certificate was issued. The higher the class number, the more trusted the certificate. Class numbers range from 0 to 5. A class 5 certificate is the most trusted, and class 0 the least trusted. Class 1 is used by individuals for verification of email.

10. What is a purpose of a digital certificate?

  • to support large-scale distribution and identification of public encryption keys
  • to authenticate and verify that a user who is sending a message is who they claim to be
  • to query for the revocation status of an X.509 certificate
  • to assure the authenticity and integrity of software code

Explanation: A digital certificate works like a physical certificate. A digital certificate can be used to authenticate and verify that a user who is sending a message is who they claim to be.

11. What is an appropriate use for class 5 digital certificates?

  • used for online business transactions between companies
  • used for private organizations or government security
  • used by organizations for which proof of identity is required
  • used for testing in situations in which no checks have been performed

Explanation: The CA class number determines how rigorous the procedure was that verified the identity of the holder when the certificate was issued. The higher the class number, the more trusted the certificate. Class numbers range from 0 to 5. A class 5 certificate is the most trusted, and class 0 the least trusted. Class 5 is used for private organizations or government security.
