Page 828 - StudyBook.pdf
P. 828
812 Appendix • Self Test Appendix
Answer C.The private key may have been exposed to someone while the laptop was in their
possession.
If the private key is destroyed (answer A), you should follow key recovery procedures.The cer-
tificate is supposed to circulate anywhere, even in public, so answer B is incorrect. If a new cer-
tificate is generated from the same private key (answer D), that’s just an overlap between two
valid certificates, a natural part of certificate renewal.
10. Which is an example of m of n control?
A. A personal check book for an individual.
B. A business check book, requiring signatures of two principals.
C. A locked door with a dead-bolt.
D. A bank vault with a time lock that allows opening at three separate times within a week.
Answer B.This is a “2-of-N” control, where N is the number of principals at the company.
Incorrect Answers & Explanations:Answer B requires one signature; answer C may require two
or more keys, but they are possessed by the same individual; and answer D does not specify
how many individuals may open the safe.
11. Which statement is true about a CRL?
A. A CRL may contain all revoked certificates, or only those revoked since the last CRL.
B. A CRL is published as soon as a revocation is called for.
C. A CRL only applies to one certificate.
D. A CRL lists certificates that can never be trusted again.
Answer A.A CRL may be simple, containing all certificates that have been revoked, or delta,
containing all certificates that have been revoked since the last CRL was published.
Answer B is not true. CRLs are published to a schedule.Answer C is not true of CRLs, but is
true of OCSP.Answer D is not true, because some of the certificates on the CRL may be
merely “suspended,” and will be trustable later.
www.syngress.com
