Self Test Appendix • Appendix 811
Intermediate CAs (answer B) are signed by another CA; Leaf CAs (answer C) are signed by the
intermediate or root CA above them; subordinate CAs (answer D) are signed by the CA above
them. Answer E – all CAs – cannot be true unless all A-D are true.
7. Where would you search to find documentation on the formats in which certificates and keys
can be exchanged?
A. ITU X.500 standards.
B. Internet Requests For Comment (RFCs).
C. PKCS standards.
D. ITU X.509 standards.
E. Internet Drafts.
Answer C – the PKCS standards define formats for exchange of certificates, keys, and
encrypted information.
The ITU X.500 standard (answer A) defines addresses; X.509 (answer D) defines certificates,
but not the formats in which they are exchanged. The Internet Drafts (answer E) and Internet
RFCs (answer B) define a large number of protocols, but not all of the PKCS standards.
8. Which of the following certificate lifecycle events is best handled without revoking the
certificate?
A. The contact e-mail address for the certificate changes to a different person.
B. The certificate reaches its expiry date.
C. The company represented by the certificate moves to a new town in the same state.
D. The certificate’s private key is accidentally posted in a public area of the Web site.
Answer B. When the certificate reaches its expiry date, it naturally expires everywhere, and you
should already have requested a renewal certificate with a later expiry date.
The other answers are all reasons to revoke the certificate as soon as possible. Answer A, a
change of contact e-mail address, requires revoking the certificate to prevent the old e-mail
contact from being able to submit a request for a changed certificate; a change of address
(answer C) voids information in the certificate, so that it is no longer a true statement of
identity; accidental (or deliberate) exposure of the private key to unauthorized parties
(answer D) results in the certificate being unreliable as a uniquely identifying piece of
information.
9. If you are following best PKI practices, which of the following would require a certificate to be
revoked?
A. The private key is destroyed in an unfortunate disk crash.
B. The certificate has been found circulating on an underground bulletin board.
C. The private key was left on a laptop that was stolen, then recovered.
D. A new certificate is generated for the same private key.
www.syngress.com