Page 825 - StudyBook.pdf

Self Test Appendix • Appendix  809


                  Answer D. A root CA.
                  You will most likely contact an RA (answer A) to prove your identity as a representative of your
                    company, and you will be receiving your issued certificate from the leaf CA (answer B). You
                    will also want to escrow your private key with a key escrow agent (answer C) so that it can be
                    recovered in the event of your departure from the company, or your losing the key. However,
                    you will never want to contact the root CA, because the root CA is only used to form the trust
                    anchor at the root of the certificate chain.

                 2.  What portion of the information in your certificate should be kept private?
                      A. All of it. It is entirely concerned with your private information.
                      B. None of it. There is nothing private in the certificate.
                      C. The thumbprint, which uniquely identifies your certificate.
                      D. The public key listed in the certificate.
                  Answer B. The certificate contains no private information, and its design is that it should be
                    transmitted publicly and shared with anyone who connects to your server.
                  The thumbprint is simply an identifier, like a unique name, and the public key is, of course,
                    public. Answers A, C and D are incorrect because they suggest that the certificate contains some
                    or all private information.

                 3.  In creating a key recovery scheme that should allow for the possibility that as many as two of
                    the five key escrow agents are unreachable, what scheme is most secure to use?
                      A. Every escrow agent gets a copy of the key.
                      B. M of n control, where m is 3 and n is 5.
                      C. Every escrow agent gets a fifth of the key, and you keep copies of those parts of the key
                         so that you can fill in for unreachable agents.
                      D. Keep an extra copy of the key with family members, without telling them what it is.
                  Answer B. M of n control is necessary for providing for key recovery in a secure manner while
                    accommodating the possibility that a number of agents are unreachable.
                  If every escrow agent gets a copy of the key (answer A), then any one of them is able to
                    impersonate you. If every agent gets a fifth of the key (answer C), you can recover the key if all five
                    agents are available, but if you are covering for unreachable agents, then you face the likelihood
                    that the same disaster that wiped out your key also wiped out your copy of the key. Storing
                    keys with family members (answer D) is not secure.
















                                                                              www.syngress.com