D334 - PKI Drill

x.509

The standard that defines the format used with public-key digital certificates.

CSR

A Certificate Signing Request that an entity submits to the CA to formally request a digital certificate.

• CRL

• OCSP

Which mechanisms from the list below can be checked to verify the validity of a digital certificate? Select two.

CA signs the list with the CA's own private key

What action does a CA take prior to publishing a CRL to ensure the list can be validated as authentic by those checking it for certificate statuses?

PKCS #7

_____ is a public-key cryptography standard used to sign and/or encrypt messages for PKI.

an asymmetric key pair

An entity looking to obtain a digital certificate must first generate ____.

Initialization

Certificate creation occurs during which stage of certificate management?

the issuing CA

Certificate revocation lists are published by _____.

period of validity

The timeframe a digital certificate is considered to be valid and can be trusted is known as the _____.

DER

Which encoding scheme for X.509 certificates supports binary format?

Issued

Certificate validation occurs during which stage of certificate management?

key pair (one private key, one public key)

Public key cryptography involves the use of a ____ for encryption and decryption.

PKCS #10

If Shawn were to generate a CSR to submit to a CA, what PKCS standard would be used?

CA

A ____ is a trusted third party that creates and issues digital certificates.

a CSR; their public key

An entity seeking a digital certificate will provide the CA with ___ and ____ as part of the initial request.

PKCS #12

Which public-key cryptography standard is used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust?

Cancellation

Certificate revocation occurs during which stage of certificate management?

revoked

___ describes the condition where a certificate is moved to an invalid or untrusted state before its original expiration date that cannot be reversed.

CA

A ___ validates the unique identifying information and public key information submitted by a requester and creates a digital certificate which essentially binds the requester's identity and public key to the certificate.

PEM

Which encoding scheme for X.509 certificates supports Base64 and ASCII text formats?

CER

Which common X.509 certificate file type supports formats used by the PEM and DER encoding schemes?

Cancellation

Certificate expiration occurs during which stage of certificate management?

CA will sign the certificate with its own private key

What will a certificate authority (CA) do just before issuing a digital certificate to a requesting entity?

PKCS #5

_____ is a public-key cryptography standard used for password-based encryption.

Hold

___ describes the condition where a certificate is moved to an invalid or untrusted state prior to its original expiration date, that can be reversed following investigation resolution.