M4 - U3 - S4 - Digital Certificates and Anti-Phishing

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/11

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

12 Terms

1
New cards

True

  • The public key can’t be used to decrypt the message once encrypted

  • Only the linked private key can be used to do that

True or False: When a web browser communicates with a secure (HTTPS) server, it accepts the server's digital certificate to use its public key to encrypt communications

2
New cards

Asymmetric Encryption

  • A method of encrypting and decrypting data using a pair of keys: a public key and a private key

    • The public key is used to encrypt plaintext

    • The private key is used to decrypt the resulting ciphertext

3
New cards

Certificate Authority

  • Third party/entity that issue digital certificates to verify the identity of users, computers, and organisations

    • Relied on by browsers and servers to vouch for server identity

4
New cards

True

True or False: Having a certificate is not in itself any proof of identity

5
New cards

Public Key Infrastructure

A set of technologies and processes that use encryption to protect and authenticate digital communications

6
New cards

Root Certificates

A browser is pre-installed with a number of ____ which are automatically trusted

  • These represent the commercial CAs that grant certificates to most of the companies that do business on the web

7
New cards

True

  • Third-party browsers such as Firefox and Chrome maintain their own stores

True or False: Windows has a certificate store that Microsoft Internet Explorer and Edge browsers use

8
New cards
<ul><li><p>Padlock </p><ul><li><p>Certificate is valid and trusted - click for info</p></li></ul></li><li><p>Padlock + Green Address bar</p><ul><li><p><span>Certificate is <u>highly trusted</u> - site owner has gone through even more <u>rigorous</u> <u>identity validation procedure</u></span></p></li></ul></li><li><p>Maroon Address Bar</p><ul><li><p>Certificate is untrusted</p></li><li><p>Site will be blocked by warning message</p></li></ul></li></ul><p></p>

  • Padlock

    • Certificate is valid and trusted - click for info

  • Padlock + Green Address bar

    • Certificate is highly trusted - site owner has gone through even more rigorous identity validation procedure

  • Maroon Address Bar

    • Certificate is untrusted

    • Site will be blocked by warning message

Indications of certificate validity

<p>Indications of certificate validity</p>
9
New cards

True

  • If a certificate has not been issued by a one of the trusted root CAs, Windows will warn you that the publisher cannot be verified

    • When you try to install an add-on or other type of application

True or False: Digital certificates are also used to verify the identity of software publishers

10
New cards

Domain name

Another important step in validating the identity of a site is to confirm its ________

11
New cards

Phishing/Pharming

  • Techniques to direct users to fake or manipulated websites

  • Often use well-known subdomains as part of the address

    • e.g. comptia. phishing. org

    • The browser highlights the registered domain part of the address so that you can verify it

12
New cards

Anti-phishing protection software

Most browsers run ______ to block access to URLs known to be the source of phishing attempts or that host malware

Explore top notes

Explore top flashcards