PrepAway - Latest Free Exam Questions & Answers

What is the purpose of certification path validation?

A.
Checks the legitimacy of the certificates in the certification path.

B.
Checks that all certificates in the certification path refer to the same certification practice statement.

C.
Checks that no revoked certificates exist outside the certification path.

D.
Checks that the names in the certification path are the same.

Explanation:
Revoked certificates are not checked outside the certification path.

“A Transaction with Digital Certificates
1.) Subscribing Entity sends Digital Certificate Application to Certificate Authority.
2.) Certificate Authority issues Signed Digital Certificate to Subscribing Entity.
3.) Certificate Authority sends Certificate Transaction to Repository.
4.) Subscribing Entity signs and sends to Party Transacting with Subscriber.
5.) Party Transacting with Subscriber queries Repository to verify Subscriber's Public Key.
6.) Repository responds to Party Transacting with Subscriber the verification request.”
Pg. 214 Krutz: The CISSP Prep Guide: Gold Edition.

“John needs to obtain a digital certificate for himself so that he can participate in a PKI, so he makes a request to the RA. The RA requests certain identification from John, like a copy of his driver’s license, his phone number, address, and other identification information. Once the RA receives the required information from John and verifies it, the RA sends his certificate request to the CA. The CA creates a certificate with John’s public key and identity information embedded. (The private/public key pair is either generated by the CA or on John’s machine, which depends on the systems’ configurations. If it is created at the CA, his private key needs to be sent to him by secure means. In most cases the user generates this pair and sends in his public key during the registration process.) Now John is registered and can participate in PKI. John decides he wants to communicate with Diane, so he requests Diane’s public key from a public directory. The directory, sometimes called a repository, sends Diane’s public key, and John uses this to encrypt a session key that will be used to encrypt their messages. John sends the encrypted session key to Diane. John then sends his certificate, containing his public key, to Diane. When Diane receives John’s certificate, her browser looks to see if it trusts the CA that digitally signed this certificate. Diane’s browser trusts this CA, and she makes a request to the CA to see if this certificate is still valid. The CA responds that the certificate is valid, so Diane decrypts the session key with her private key. Now they can both communicate using encryption.”
Pg 499 Shon Harris: All-In-One CISSP Certification Guide.

QUESTION 809

In what type of attack does an attacker try, from several encrypted messages, to figure out the key using the encryption process?

A.
Known-plaintext attack

B.
Ciphertext-only attack

C.
Chosen-Ciphertext attack

D.
Known Ciphertext attack

Explanation:
“Ciphertext-Only Attack In this type of attack, the attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm. The attacker’s goal is to discover the key that was used in the encryption process. Once the attacker figures out the key, she can decrypt all other messages encrypted with the same key. A ciphertext-only attack is the most common because it is very easy to get ciphertext by sniffing someone’s traffic, but it is the hardest attack to actually be successful at because the attacker has so little information about the encryption process.”
Pg 531 Shon Harris: CISSP All-In-One Exam Guide.