What is the definition of Public Key Infrastructure (PKI)?
A system of policies, procedures, hardware, and software responsible for creating, distributing, managing, storing, revoking, and processing digital certificates.
What is the purpose of Public Key Infrastructure (PKI)?
To establish trust by associating a certificate to people or devices, often in conjunction with a Certificate Authority (CA).
What is a Certificate Authority (CA)?
A trusted entity that issues digital certificates and vouches for the identity of the entities to whom it issues certificates.
What is symmetric encryption?
An encryption method where the same single secret key is used for both encrypting plaintext into ciphertext and decrypting ciphertext back into plaintext.
What are two alternative terms for symmetric encryption?
- Secret key algorithm
- Shared secret
What is the main scalability challenge associated with symmetric encryption?
The difficulty in securely sharing and managing the single secret key among a growing number of individuals or devices.
Why is symmetric encryption still widely used despite its scalability issues?
It is very fast and has low computational overhead compared to asymmetric encryption.
What is asymmetric encryption?
An encryption method that uses two different, mathematically related keys: a public key for encryption and a private key for decryption.
What are the roles of the public key and private key in asymmetric encryption?
- Private Key: Exclusively held by one person or device, used for decryption.
- Public Key: Freely distributed and available to anyone, used for encryption.
In the encryption process, whose public key does Bob use to send a message to Alice?
Alice’s public key.
Whose private key is used to decrypt the message sent from Bob to Alice?
Alice’s private key.
Can a private key be derived from its corresponding public key?
No, it is impossible to derive or reverse-engineer the private key from the public key.
What is key escrow?
The practice of storing copies of cryptographic keys with a third party or within an organizational system.
Why might an organization implement key escrow?
To maintain access to encrypted data for business continuity, such as when an employee leaves or for compliance with data access requirements.
Why is it important to protect a private key with a password?
To add an additional layer of security and prevent unauthorized access to the key.
Fill in the blank: Symmetric encryption uses the same _______ for both encryption and decryption.
secret key
What is the key management challenge in organizations regarding asymmetric encryption?
Managing hundreds or thousands of public/private key pairs.
What are digital certificates?
Electronic documents used to prove the ownership of a public key.
What does the term ‘key pair’ refer to in asymmetric encryption?
The set of two mathematically related keys (public and private) generated simultaneously.
What is the ‘power and magic’ of asymmetric cryptography?
Anyone with the public key can encrypt data, but only the holder of the corresponding private key can decrypt it.
What is the scalability problem in symmetric encryption?
The complexity of distributing keys to everyone who needs to decrypt data and tracking which key belongs to whom.
What is the key generation process in asymmetric encryption?
The simultaneous creation of a public and private key pair, often involving randomization and large prime numbers.
True or False: Asymmetric encryption uses the same key for both encryption and decryption.
False
-
1.1 Security Control Types and Categories31
-
1.2 The CIA Triad: A Study Guide22
-
1.2 Digital Signatures: Ensuring Integrity and Origin - Study Guide25
-
1.2 AAA Framework and Authorization26
-
1.2 IT Security Gap Analysis: A Comprehensive Study23
-
1.2 Zero Trust Networks and Adaptive21
-
1.2 Physical Security Controls: Methods and Technologies26
-
1.2 IT Security Deception and Disruption: Honeypots, Honeyfiles, and Honeytokens18
-
1.3 Formal Change Control Processes: A Study Guide21
-
1.3 The Technician's Role in Change Control Implementation33
-
1.4 Cybersecurity Cryptography: Encryption and Public Key Infrastructure23
-
1.4 Data Encryption and Its Algorithms31
-
1.4 Secure Key Exchange Methods22
-
1.4 Cryptography's Guardians: TPM, HSM, and Secure Enclaves10
-
1.4 Obfuscation and Hidden Data Techniques21
-
1.4 Cryptographic Hashes and Digital Signatures25
-
1.4 Blockchain Essentials21
-
1.4 Digital Certificates18
-
2.1 Understanding Threat Actors18
-
2.2 Navigating Threat Vectors and Attack Paths26
-
2.2 The Art of Phishing: Recognizing and Avoiding Scams17
-
2.2 The Impersonation Playbook: Scams, Fraud, and Prevention18
-
2.2 Cybersecurity Fundamentals: Watering Hole Attacks and Layered Defense20
-
2.2 The Digital Deception Playbook24
-
2.3 Malware Memory Injection: Understanding the Threat20
-
2.3 Buffer Overflow Attacks23
-
2.3 Race Conditions and TOCTOU Attacks20
-
2.3 Secure Software Updates32
-
2.3 Operating System Patching15
-
2.3 Understanding Code and SQL Injection Attacks19
-
2.3 Code Injection Attack20
-
2.3 Understanding Cross-Site Scripting (XSS) Attacks27
-
2.3 IoT Firmware and Device Lifecycle Security17
-
2.3 Virtual Machine Security Vulnerabilities21
-
2.3 Cloud Security: Understanding Threats and Vulnerabilities31
-
2.3 Supply Chain Security and Third-Party Risk29
-
2.3 Cybersecurity Vulnerabilities and Countermeasures25
-
2.3 Mobile Device Security: Risks and Countermeasures17
-
2.3 Zero-Day Vulnerabilities and Attacks23
-
2.4 Understanding Malware26
-
2.4 Understanding Computer Viruses and Worms27
-
2.4 Digital Intruders: Spyware and Bloatware19
-
2.4 Cybersecurity Threats: Keyloggers, Logic Bombs, and Rootkits22
-
2.4 DNS Poisoning and URL Hijacking27
-
2.4 Wireless Network Attacks: Deauthentication and RF Jamming22
-
2.4 Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks21
-
2.4 On-Path and Man-in-the-Middle Attacks21
-
2.4 Replay Attacks and Session Hijacking24
-
2.4 Malicious Code Attacks and Defenses17
-
2.4 Application Security Fundamentals20
-
2.4 Cryptography's Vulnerabilities28
-
2.4 Password Hashes and Brute Force Attacks24
-
2.4 Indicators of Compromise and Security Best50
-
2.5 Network Segmentation and Access17
-
2.5 Cybersecurity Mitigation Techniques and Best Practices29
-
2.5 System and Endpoint Hardening Fundamentals28
-
3.1 Cloud Infrastructure11
-
3.1 Network Isolation, Virtualization, and Cloud Infrastructure22
-
3.1 IT Security Considerations and Infrastructure Technologies24
-
3.1 IT Infrastructure and Operational Resilience16
-
3.2 Network Security Zones and Attack Surfaces23
-
3.2 Intrusion Prevention and Detection Systems21
-
3.2 Network Appliances:16
-
3.2 Port Security25
-
3.2 Network Firewall Concepts23
-
3.2 Secure Network Communication Technologies (VPN, SD-WAN, and SASE)20
-
3.3 Data Types and Classifications17
-
3.3 States of Data, Security, and Sovereignty19
-
3.3 Data Protection Methods and Security Techniques22
-
3.4 High Availability and Resilience Architectures18
-
3.4 Cryptography's Vulnerabilities: Birthday Attacks and SSL Stripping19
-
3.4 A Beginner's Guide to Keeping Systems Running: Understanding Disaster Recovery16
-
3.4 Backup Strategies and Recovery21
-
3.4 Data Center Power and Backup Systems16
-
4.1 Application Security Baselines and Deployment10
-
4.1 System and Device Hardening22
-
4.1 Wireless Site Surveys and Mobile Device Management21
-
4.1 Wireless Network Security Protocols and Authentication17
-
4.1 Application Security Development and Testing24
-
4.2 Asset Management26
-
4.3 Vulnerability Scanning15
-
4.3 Threat Intelligence17
-
4.3 Penetration Testing20
-
4.3 Analyzing Vulnerabilities19
-
4.3 Vulnerability Remediation17
-
4.4 Security Monitoring21
-
4.4 Security Tools37
-
4.5 Firewalls32
-
4.5 Web Filtering22
-
4.5 Operating System Security11
-
4.5 Secure Protocols14
-
4.5 Email Security18
-
4.5 Monitoring Data19
-
4.5 Endpoint Security27
-
4.6 Identity and Access Management29
-
4.6 Access Controls17
-
4.6 Multifactor Authentication17
-
4.6 Password Security18
-
4.7 Scripting and Automation27
-
4.8 Incident Response20
-
4.8 Incident Planning17
-
4.8 Digital Forensics17
-
4.9 Log Data31
-
5.1 Security Policies18
-
5.1 Security Standards20
-
5.1 Security Procedures24
-
5.1 Security Considerations17
-
5.1 Data Roles and Responsibilities10
-
5.2 Risk Management14
-
5.2 Risk Analysis20
-
5.2 Risk Management Strategies24
-
5.2 Business Impact Analysis12
-
5.3 Third-party Risk Assessment24
-
5.3 Agreement Types12
-
5.4 Compliance20
-
5.4 Privacy15
-
5.5 Audits and Assessments11
-
5.5 Penetration Tests18
-
5.6 Security Awareness19
-
5.6 User Training22
