Cisco Exam Questions

Which technology provides an automated digital certificate management system for use with IPsec?


A. ISAKMP

B. public key infrastructure

C. Digital Signature Algorithm

D. Internet Key Exchange

Explanation:
A PKI is composed of the following entities:
• Peers communicating on a secure network
• At least one certification authority (CA) that grants and maintains certificates
• Digital certificates, which contain information such as the certificate validity period, peer identity information, encryption keys that are used for secure communication, and the signature of the issuing CA
• An optional registration authority (RA) to offload the CA by processing enrollment requests
• A distribution mechanism (such as Lightweight Directory Access Protocol [LDAP] or HTTP) for certificate revocation lists (CRLs)
PKI provides customers with a scalable, secure mechanism for distributing, managing, and revoking encryption and identity information in a secured data network. Each entity (router or PC) participating in the secure communication is enrolled, a process in which the entity generates a Rivest, Shamir, and Adleman (RSA) key pair (one private key and one public key) and has its identity validated by a trusted entity (also known as a CA).
After each entity enrolls in a PKI, every peer (also known as an end host) in a PKI is granted a digital certificate that has been issued by a CA. When peers must negotiate a secured communication session, they exchange their digital certificates. Using the information in the certificate, a peer can validate the identity of another peer and establish an encrypted session with the public keys contained in the certificate.
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/layered-perimetersecurity-managed-services/prod_white_paper0900aecd805249e3.html