PKI Example

Review Questions

You can find the solutions to these questions in Appendix A, "Answers to Review Questions."

1.

What problem does PKI solve?

  1. The lack of a common encryption standard for Internet applications
  2. The problem that asymmetric encryption techniques do not work without a PKI
  3. The fact that Diffie-Hellman is not secure
  4. The problem of scalable, secure key exchange
  5. The problem of manually issuing bulk certificates
  6. The performance problem when using RSA
2.

Which two statements about symmetric encryption are true?

  1. Symmetric encryption is a good choice for real-time encryption of bulk data.
  2. Symmetric encryption is commonly used to sign asymmetric keys.
  3. Symmetric encryption uses asymmetric keys.
  4. RSA is an example of a symmetric encryption algorithm.
  5. ASE is an example of a symmetric encryption algorithm.
  6. With symmetric encryption, the encryption key equals the decryption key.
3.

Which two statements about trusted introducers are incorrect?

  1. The trusted introducer has to be trusted by all other members of the system.
  2. The trusted introducer has to trust all other members of the system.
  3. The trusted introducer guarantees the authenticity of entities it is introducing to others.
  4. Only the trusted introducer has to trust the root of the system.
  5. The trusted introducer is the root of a system.
  6. Any entity of the system can guarantee the authenticity of any other member.
   
4.

Which statement about a certificate is true?

  1. A certificate includes the identity of the owner of the certificate and the symmetric key of the owner.
  2. A certificate includes the public key of the issuer.
  3. A certificate includes the identity of the owner of the certificate and the private key of the owner.
  4. A certificate includes the identity of the issuer of the certificate, the identity of the owner of the certificate, and the public key of the owner.
  5. A certificate does not include any keys in cleartext.
  6. A certificate includes an encrypted private key of the owner and a cleartext public key of the issuer.
5.

Which of the following are the two valid options to secure enrollment in a PKI?

  1. Perform the enrollment from a trusted device only.
  2. Perform the enrollment in both directions.
  3. Perform the enrollment over a trusted network.
  4. Use self-signed certificates on all devices.
  5. Do not send the private key in the enrollment.
  6. Perform mutual out-of-band authentication between the PKI user and CA.
6.

Which of the following is true about certificate revocation?

  1. Any entity of a PKI system that receives an untrusted certificate can request revocation of that certificate.
  2. The CA periodically revokes all expired certificates.
  3. Certificate revocation is needed when the public key has been transferred without a certificate.
  4. Certificate revocation is needed whenever the private key is not trustworthy anymore.
  5. Certificate revocation is needed whenever the public key is not trustworthy anymore.
  6. Certificate revocation is the process of adding a user to the PKI.
7.

What is the certificate of a web server used for when you are using SSL?

  1. It is used to authenticate the client.
  2. The public key of the server is used by the client when encrypting the data sent to the server.
  3. The private key of the server is used by the client when encrypting the data sent to the server.
  4. It is used to authenticate the server and to protect the challenge response traffic during client authentication.
  5. It is used to authenticate the server and to encrypt the symmetric session keys used for the asymmetric encryption of the data stream.
  6. It is used to authenticate the server and to encrypt the symmetric session keys used for the authentication and encryption of the data stream.
8.

Which of the following is an asymmetric encryption algorithm?

  1. AES
  2. Diffie-Hellman
  3. DES
  4. Blowfish
9.

When using asymmetric encryption, which key is transmitted from the sending to the receiving host?

  1. Public key
  2. Private key
  3. Shared secret key
  4. No keys are transmitted.
10.

A nontrusted user has obtained the certificate of one of your public web servers. What should be done to ratify this situation? (Select all that apply.)

  1. Nothing
  2. The certificate should be immediately revoked and published to a CRL.
  3. The certificate should be immediately revoked. Clients can immediately find this revocation if they are using OCSP.
  4. The private key should be regenerated on the web server.

Part I: Cisco CallManager Fundamentals

Introduction to Cisco Unified Communications and Cisco Unified CallManager

Cisco Unified CallManager Clustering and Deployment Options

Cisco Unified CallManager Installation and Upgrades

Part II: IPT Devices and Users

Cisco IP Phones and Other User Devices

Configuring Cisco Unified CallManager to Support IP Phones

Cisco IP Telephony Users

Cisco Bulk Administration Tool

Part III: IPT Network Integration and Route Plan

Cisco Catalyst Switches

Configuring Cisco Gateways and Trunks

Cisco Unified CallManager Route Plan Basics

Cisco Unified CallManager Advanced Route Plans

Configuring Hunt Groups and Call Coverage

Implementing Telephony Call Restrictions and Control

Implementing Multiple-Site Deployments

Part IV: VoIP Features

Media Resources

Configuring User Features, Part 1

Configuring User Features, Part 2

Configuring Cisco Unified CallManager Attendant Console

Configuring Cisco IP Manager Assistant

Part V: IPT Security

Securing the Windows Operating System

Securing Cisco Unified CallManager Administration

Preventing Toll Fraud

Hardening the IP Phone

Understanding Cryptographic Fundamentals

Understanding the Public Key Infrastructure

Understanding Cisco IP Telephony Authentication and Encryption Fundamentals

Configuring Cisco IP Telephony Authentication and Encryption

Part VI: IP Video

Introducing IP Video Telephony

Configuring Cisco VT Advantage

Part VII: IPT Management

Introducing Database Tools and Cisco Unified CallManager Serviceability

Monitoring Performance

Configuring Alarms and Traces

Configuring CAR

Using Additional Management and Monitoring Tools

Part VIII: Appendix

Appendix A. Answers to Review Questions

Index

show all menu



Authorized Self-Study Guide Cisco IP Telephony (CIPT)
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
ISBN: 158705261X
EAN: 2147483647
Year: 2004
Pages: 329
Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net