Data Security Tutorial 08 - Solutions

Uploaded by

shadyaymans525

AID 413 Data Security

Tutorial 08

MCQ

1. What is the primary goal of cryptographic key management?
a) Encrypting data
b) Administering cryptographic keys
c) Monitoring public keys
d) Preventing network attacks
2. What is an ephemeral key?
a) A key used indefinitely
b) A key used only once or for a short period
c) A key stored in a secure database
d) A key used for public communication
3. Which protocol is used for key agreement?
a) RSA
b) Diffie-Hellman
c) AES
d) SHA-256
4. What ensures the authenticity of a digital signature?
a) Public Key Encryption
b) Certification Authority (CA)
c) Secure Sockets Layer
d) Firewalls
5. Which algorithm is typically used for creating digital signatures?
a) AES
b) RSA
c) Diffie-Hellman
d) SHA-256
6. What is the role of a Certification Authority (CA)?
a) Encrypt data for secure communication
b) Authenticate and issue digital certificates
c) Monitor network traffic
d) Generate private keys
7. What is the purpose of a public key in a certificate?
a) To encrypt data
b) To verify a digital signature
c) To revoke certificates
d) To authenticate users
8. What is the main drawback of public key announcement in key distribution?
a) High computational cost
b) Possibility of forgery
c) Requirement of a trusted third party
d) Complex key exchange process
9. What happens if the values from hashing and decryption during signature
verification match?
a) The signature is verified.
b) The signature is unverified.
c) The sender’s key has expired.
d) The certificate is revoked.
10. Which protocol extension helps in defining alternative names for the
certificate subject?
a) Key policy extension
b) Subject alternative name
c) X.500 directory extension
d) Serial number extension
11. What is the purpose of a Hardware Security Module (HSM) in key
management?
a) To generate public keys for users
b) To securely store private keys
c) To revoke compromised certificates
d) To issue new certificates for users
12. What does the term "certificate revocation" imply?
a) Immediate expiration of the certificate's validity period
b) Withdrawal of a certificate before its expiration
c) Issuance of a new certificate to the same user
d) Replacement of the public key in the certificate
13. Which hashing algorithms are typically used in the digital signature
process?
a) AES and RSA
b) MD5 and SHA-1
c) Diffie-Hellman and SHA-256
d) X.509 and X.500
14. What happens if a private key associated with a certificate is compromised?
a) The certificate is revoked.
b) The certificate is renewed.
c) The certificate remains valid.
d) The certificate becomes a CRL.
15. What is a "trusted agency" in Public Key Infrastructure (PKI)?
a) Certification Authority (CA)
b) Diffie-Hellman key generator
c) Hardware Security Module (HSM)
d) Public directory system

Essay
1. Explain the process of cryptographic key management.
Cryptographic key management is the process of administering or managing
cryptographic keys for a cryptographic system.
It involves the generation, creation, protection, storage, exchange, replacement,
and use of keys and enables selective restriction for certain keys.
Key management also involves the monitoring and recording of each key’s access,
use, and context.
2. Discuss the reasons to revoke a certificate before it expires.

• The user’s private key is assumed to be compromised

• The user is no longer certified by this CA

• The CA’s certificate is assumed to be compromised

3. Discuss the steps involved in the digital signature process.

Step 1: Hash (digest) the data using one of the supported hashing algorithms, e.g.,
MD2, MD5, or SHA-1.

Step 2: Encrypt the hashed data using the sender’s private key.

Step 3: Append the signature (and a copy of the sender’s public key) to the end of
the data that was signed.
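
The three signing steps above, together with the hash-versus-decryption comparison from MCQ 9, as an added example that is not part of the original tutorial. It assumes textbook RSA with a constructed toy key, SHA-256 in place of the hashes the answer lists, a verifier that already holds the public key, and hypothetical function names with a fixed-length signature trailer.

```python
import hashlib

# Constructed toy key for illustration: two well-known Mersenne primes.
# Real RSA keys use secret, randomly generated primes.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)
SIG_LEN = (N.bit_length() + 7) // 8      # signature trailer size in bytes


def digest_int(data: bytes) -> int:
    """Step 1: hash the data (SHA-256 here) and read the digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_and_append(data: bytes) -> bytes:
    """Steps 2 and 3: apply the private key to the digest, append the result."""
    # Textbook RSA without padding; deployed schemes add padding such as PSS.
    signature = pow(digest_int(data), D, N)
    return data + signature.to_bytes(SIG_LEN, "big")


def verify_signed(blob: bytes) -> bool:
    """Recompute the hash and compare it with the public-key 'decryption'."""
    if len(blob) < SIG_LEN:
        return False                     # too short to carry a signature
    data, trailer = blob[:-SIG_LEN], blob[-SIG_LEN:]
    recovered = pow(int.from_bytes(trailer, "big"), E, N)
    return recovered == digest_int(data)  # match => signature verified


if __name__ == "__main__":
    message = b"transfer 10 to account 42"   # constructed sample message
    signed = sign_and_append(message)
    print("genuine :", verify_signed(signed))
    tampered = signed.replace(b"10", b"99", 1)
    print("tampered:", verify_signed(tampered))
```
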
4. Explain the concept of Certificate Revocation List (CRL) and its importance in
cryptographic systems.
A CRL is a list maintained by a Certification Authority (CA) that contains revoked
certificates that are still within their validity period. Certificates may be revoked due
to key compromise, loss of trust in the user, or CA compromise. CRLs are essential
in cryptographic systems to ensure that entities do not trust compromised or invalid
certificates, maintaining the security of communications and authentication
processes.

5. Discuss by drawing the lifecycle of a digital certificate.