You want to use a system that can protect communication
by authenticating the server, and also providing
a copy of the server's public key in a trustworthy format.
A provider of trusted certificates will only provide one
when you follow their rules.
There is a protocol that you can use to check in real time
whether a certificate should be trusted or not.
You must have a copy of the currently untrusted
certificates locally, to reduce network traffic.
Rather than a complete copy of the key,
you may refer to its hash instead.
There are ways to prevent a breach today from exposing
secrets based on keys in the past.
What do you need?
TLS
CPS
OCSP
CRL
thumbprint
PFS
Abe, a security architect, needs to configure
Perfect Forward Secrecy for remote access for
employees working from home.
What can he use?
Select two.
DH
DHE
ECDHE
One-time pads
AES-GCM-256
Charlotte is in charge of VPN access to the data analysis
facility.
She has read that it is helpful to pad a secret with a
short text value before encrypting it.
What concept is she considering?
Salt
Nonce
Hash
PBKDF2
International, national, and state/provincial regulations
require the protection of personal privacy.
This makes confidentiality important, but it is not
the only security goal.
You need to protect both endpoint authentication and
data confidentiality in all data streams.
Which ciphers should you choose?
Select two.
AES-CBC
AES-CCMP
AES-CFB
AES-GCM
Which of these are advantages of WPA/2 Enterprise
over WPA/2 PSK?
Select two.
PKI
Stronger cipher suite
Higher performance
Integrated Active Directory
RADIUS
Tasha, a network engineer, is designing a wireless solution
for her large corporation.
She needs to specify the current best encryption,
supporting 802.1x with either LEAP or EAP-TLS.
What should she use?
Select three.
CCMP
AES-GCM-256
WPA/2 PSK
WPA/2 Enterprise
RADIUS
Active Directory
Blake has been asked to configure the web server to provide
Perfect Forward Secrecy.
This will provide which security feature:
Data sent from the server to the client will always be protected
Data sent from the client to the server will always be protected
A breach today does not expose keys from the past
A breach today does not expose keys in the future
Alice wants to send an encrypted message to Bob.
What does she need?
Alice's public key
Alice's private key
Bob's public key
Bob's private key
Alice has obtained a copy of Bob's certificate.
Which of these does it contain?
Bob's private key
Bob's public key
The CA's private key
The CA's public key
Alice has obtained a copy of what claims to be
Bob's certificate.
Which of these does she need to verify that it really
belongs to Bob?
Bob's private key
Bob's public key
The CA's private key
The CA's public key
Bob has just received a digitally signed, encrypted message
from Alice.
What does he need?
Select three.
Alice's certificate
Bob's certificate
The CA's certificate
Bob's public key
Bob's private key
Isaac is a cybersecurity architect for a financial services
company.
He has been tasked with securing key escrow.
The escrow storage is extremely sensitive.
What should he use to implement trustworthy key escrow?
Asymmetric encryption
M-of-N control
Certificate chaining
Off-site storage
Alice must send a message which only Bob can read.
What does Alice need?
Alice's private key
Alice's public key
Bob's private key
Bob's public key
Ellen is a webmaster for a major high technology company.
She will use virtual hosting to provide six web sites
with unique domain names on a single server:
weyland-yutani.com, www.weyland-yutani.com, weyland-yutani.net, www.weyland-yutani.net, weyland-yutani.org, www.weyland-yutani.org
That is, the same corporation name in three top-level domains,
both with and without leading "www.".
What would be the most economical way to obtain certificates?
Self-signed certificates
Wildcard certificates
Server Alternative Names
Six individual certificates
Which of the following is not needed to enable any user
to encrypt a message which only the intended recipient
can read?
PKI
Public keys
Private keys
Hashing
Lee is a security analyst at a software development company.
Their data is worth far more than the hardware on which it
is stored, and confidentiality is protected with strong
encryption.
However, management is also concerned about availability.
Lee has been tasked with providing availability of cleartext
versions of encrypted software, even if an employee
loses or destroys their decryption key.
What should be set up?
Escrow
Secret sharing
Certificate chaining
Key pinning
Key stapling
Charlize, a data archivist for a government agency, needs
to protect the confidentiality of a large data set.
A government regulation requires the use of the
Advanced Encryption Standard for this category of data.
But in which mode should she employ that cipher?
CBC
CCMP
ECB
GCM
Gary works for a bank, and is designing a wireless solution
for customers to use during their visits to bank branches.
Which two technologies should he deploy?
Select two.