7.12. Answers to Review Questions

  1. A. Hashing algorithms are used to derive an encrypted value from a message or word.

  2. B. NIST is responsible for establishing the standards for general-purpose government encryption. NIST is also becoming involved in private-sector cryptography.

  3. C. With asymmetric encryption, two keys are used—one to encode and the other to decode. The two keys are mathematical reciprocals of each other.

  4. C. The Request for Comments (RFC) process allows all users and interested parties to comment on proposed standards for the Internet. The RFC editor manages the RFC process. The editor is responsible for cataloging, updating, and tracking RFCs through the process.

  5. D. Nonrepudiation offers undisputable proof that a party was involved in an action.

  6. A. TLS is a security protocol that uses SSL, and it allows the use of other security protocols.

  7. C. A MAC as it relates to cryptography is a method of verifying the integrity of an encrypted message. The MAC is derived from the message and the key.

  8. B. Key transmission is the largest problem from among the choices given. Transmitting private keys is a major concern. Private keys are typically transported using out-of-band methods to ensure security.

  9. C. Access control refers to the process of ensuring that sensitive keys aren't divulged to unauthorized personnel.

  10. A. Proper key storage requires that the keys be physically stored in a secure environment. This may include using locked cabinets, hardened servers, and effective physical and administrative controls.

  11. A. A certificate authority (CA) is responsible for maintaining certificates in the PKI environment.

  12. C. A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.

  13. B. A local registration authority (LRA) can establish an applicant's identity and verify that the applicant for a certificate is valid. The LRA sends verification to the CA that issues the certificate.

  14. C. Suspending keys is a good practice: it disables a key, making it unusable for a certain period of time. This can prevent the key from being used while someone is gone. The key can be reactivated when that person returns.

  15. A. The certificate policies document defines what certificates can be used for.

  16. A. Key escrow is the process of storing keys or certificates for use by law enforcement. Law enforcement has the right, under subpoena, to conduct investigations using these keys.

  17. D. Online Certificate Status Protocol (OCSP) can be used to immediately verify a certificate's authenticity.

  18. A. XML Key Management Specification (XKMS) is designed to allow XML-based programs access to PKI services.

  19. A. Birthday attacks are based on the statistical likelihood of a match. As the key length grows, the probability of a match decreases.

  20. D. Public keys are created to be distributed to a wide audience. The biggest security concern regarding their use is ensuring that the public keys maintain their integrity. This can be accomplished by using a thumbprint or a second encryption scheme in the certificate or key.
