CertiGuide to Security+, Chapter 7: Practice Exam Answers


Answers to Questions 71-75

71. Revocation of a certificate can be accomplished with (choose all that apply):





Explanation: "Revocation data can be published in a CRL (certificate revocation list), which is a signed list of certificate serial numbers; a CRDP (certificate revocation distribution point), which consists of partitioned CRLs; or an OCSP (online certificate status protocol), a client/server protocol used to query a VA (validation authority) for certificate status." -- Network Computing

A CRC is a checksum computation not involved in certificate revocation.

See Section 4.5.5: (Certificate) Revocation


72. E-mail clients do a great job of checking the status of a digital certificate:

A. True

B. False

Explanation: "Software that verifies signatures (such as e-mail clients) should automatically check our Certificate Revocation List before relying on the signature, but many software packages either don't do this very well or at all. So, it is good practice to do a check yourself before relying on a certificate." -- Entrust

See Section Status Checking (Certificate Revocation)

See Section Status Checking (Certificate Suspension)


73. If it seems possible a private key was compromised, while an investigation is under way, the first step is to:

A. Revoke the certificate

B. Suspend the certificate

C. Re-issue a new certificate

D. All choices are correct

E. No choice is correct

Explanation: "An IA shall suspend a subordinate IA's certificate upon the request of a duly authorized representative of the subordinate IA or of a person claiming to be the subordinate IA or a person in a position likely to know of a compromise of the subordinate IA's private key, such as an agent or employee of the subordinate IA. Such suspension must be undertaken in accordance with the suspension prerequisites." -- Eurotrust

Since suspension, unlike revocation, is reversible but still disables use of the key, it is a good intermediate step to take until you are sure that the key has been compromised and can no longer be trusted.

See Section 4.5.6: (Certificate) Suspension


74. When a private key is critical for recovery and protects assets of a high enough value that no single person should be in charge of the key, the process is to (choose all that apply):

A. Guard the private key on hardware with a security guard in place

B. Encrypt portions of the private key on numerous hardware tokens

C. Require that a minimum number of secured hardware tokens come together to recreate the private key

Explanation: "Private key (n out of m) multi-person control. Access to cryptographic module containing the root CA requires the insertion of cryptographic hardware tokens into the cryptographic signer. A minimum number of required hardware tokens out of the total numbers of hardware tokens must be inserted one at a time to access the cryptographic module." --

See Section M of N Control (Key Recovery)
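An added example, not from CertiGuide or the quoted source, of the M-of-N control described in question 74, implemented as Shamir secret sharing over a prime field: the protected secret is split into N shares (one per hypothetical hardware token), any M shares reconstruct it, and fewer than M give no information. Standard library only; the prime, the share count and the 3-of-5 policy in `demo()` are assumptions chosen for illustration.

```python
# M-of-N control via Shamir secret sharing (added example, not CertiGuide code).
import secrets

PRIME = 2**127 - 1  # assumed field size; must exceed any secret we split


def _eval_poly(coeffs, x):
    """Evaluate the polynomial (Horner's rule) at x, modulo PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, m, n):
    """Split `secret` into n shares such that any m of them rebuild it."""
    if not 1 < m <= n:
        raise ValueError("need 1 < m <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    # Degree m-1 polynomial: constant term is the secret, the rest random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    # Share x-coordinates 1..n model the n tokens; the y-value is the share.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def combine_shares(shares):
    """Lagrange-interpolate at x=0 to recover the constant term (the secret)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def demo(secret=0xC0FFEE, m=3, n=5):
    """3-of-5 policy: returns (enough tokens recover, too few tokens recover)."""
    shares = split_secret(secret, m, n)
    enough = combine_shares(shares[1:1 + m]) == secret       # tokens 2,3,4
    too_few = combine_shares(shares[:m - 1]) == secret       # only 2 tokens
    return enough, too_few
```

`demo()` returns `(True, False)`: presenting three tokens rebuilds the secret, while two tokens produce an unrelated value rather than a partial key.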


75. The issue of a single digital certificate:

A. Identifies a person, not roles.

B. Cannot be used for encryption if it is to also be used for a digital signature in a non-repudiation manner.

C. Both choices are correct

D. Neither choice is correct

E. One choice is correct


1. The same person may be simultaneously a patient, a doctor and a coroner.

2. Dual key pair support is critical for applications that utilize both encryption and digital signatures. An end user needs one key pair for encryption and another for digital signing so that the encryption key pair can be backed up without compromising the integrity of the user's digital signatures.

See Multiple Key Pairs (Single, Dual)

CertiGuide for Security+
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.