Question 1

A __________ indicates the length of time for which a ticket is valid (e.g., eight hours).

Accepted Answer

lifetimsession key

Question 2

The ticket-granting ticket is encrypted with a secret key known only to the authentication server and the ticket granting server.

Accepted Answer

The ticket-granting ticket (TGT) is encrypted with a secret key that is known only to the authentication server and the ticket-granting server, ensuring secure communication between these components in a Kerberos authentication system.

Question 3

When two end systems wish to communicate they establish a logical connection and, for the duration of that logical connection, all user data are encrypted with a one-time __________ which is destroyed at the end of the session.

Accepted Answer

key distribution center (KDC)

Question 4

User certificates generated by a CA need special efforts made by the directory to protect them from being forged.

Accepted Answer

User certificates generated by a Certificate Authority (CA) are inherently protected against forgery through the use of digital signatures. The CA's signature on a certificate is what assures its authenticity, not special efforts by a directory.

Question 5

One of the major roles of public-key encryption is to address the problem of key distribution.

Accepted Answer

Public-key encryption, also known as asymmetric encryption, uses two different keys for encryption and decryption: a public key, which is shared openly, and a private key, which is kept secret. This approach effectively addresses the problem of key distribution by eliminating the need to securely share a single, secret key between communicating parties, as is necessary with symmetric encryption. Instead, anyone can encrypt a message using the recipient's public key, but only the recipient can decrypt it using their private key.

Question 6

It is not required for two parties to share a secret key in order to communicate securely with conventional encryption.

Accepted Answer

In conventional (symmetric) encryption, both parties must share a secret key to encrypt and decrypt messages securely.

Question 7

The principal underlying standard for federated identity is the Security Assertion Markup Language (SAML) which defines the exchange of security information between online business partners. 1.A _________ is a key used between entities for the purpose of distributing session keys.

Accepted Answer

A master key is used between entities for the purpose of distributing session keys, facilitating secure communications by enabling the exchange of session keys that are used for encrypting messages in a session.

Question 8

For symmetric encryption to work the two parties to an exchange must share the same key, and that key must be protected from access by others.

Accepted Answer

Symmetric encryption uses the same key for both encryption and decryption, so both parties must have the same key. It is important to protect the key from others to maintain the security of the encrypted data.

Question 9

After determining which systems are allowed to communicate with each other and granting permission for the two systems to establish a connection, the _________ provides a one-time session key for that connection.

Accepted Answer

The answer of After determining which systems are allowed to...

Question 10

The automated key distribution approach provides the flexibility and dynamic characteristics needed to allow a number of users to access a number of servers and for the servers to exchange data with each other.

Accepted Answer

Automated key distribution systems are designed to dynamically manage and distribute cryptographic keys, allowing multiple users secure access to various servers and enabling secure server-to-server communications, thus providing the necessary flexibility and dynamic characteristics.

Question 11

X.509 is based on the use of public-key cryptography and digital signatures.

Accepted Answer

X.509 is a standard that defines the format of public key certificates, which use public-key cryptography and digital signatures to verify the identity of entities and secure communications.

Question 12

If the lifetime stamped on a ticket is very short (e.g., minutes) an opponent has a greater opportunity for replay.

Accepted Answer

A shorter lifetime on a ticket reduces the window of opportunity for an opponent to use it for replay attacks, as it becomes invalid more quickly.

Question 13

Kerberos version 4 did not fully address the need to be of general purpose.

Accepted Answer

Kerberos version 4 was primarily designed for Project Athena and thus had limitations, including a lack of scalability and flexibility, which made it less suitable for general-purpose use beyond its initial scope.

Question 14

Kerberos relies exclusively on asymmetric encryption and makes use of public key encryption.

Accepted Answer

Kerberos primarily uses symmetric encryption for the bulk of its authentication process, although it can use asymmetric encryption for certain aspects like initial authentication or cross-realm authentication.

Question 15

Federated identity management is a concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and supporting many thousands, even millions, of users.

Accepted Answer

Federated identity management allows users to access multiple systems and applications across different organizations using a single set of credentials, facilitating seamless integration and access management on a large scale.

Question 16

The strength of any cryptographic system rests with the _________ technique, a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.

Accepted Answer

The answer of The strength of any cryptographic system rests...

Question 17

A session key is destroyed at the end of a session.

Accepted Answer

A session key, used in cryptography for a single session, is typically destroyed at the end of the session to ensure the security of the data exchanged during that session.

Question 18

If an opponent captures an unexpired service granting ticket and tries to use it they will be denied access to the corresponding service.

Accepted Answer

The answer of If an opponent captures an unexpired service...

Question 19

It is not necessary for a certification authority to maintain a list of certificates issued by that CA that were not expired but were revoked.

Accepted Answer

Certification authorities must maintain a list of revoked certificates, known as a Certificate Revocation List (CRL), even if those certificates have not yet expired, to ensure that users and systems can check the revocation status of a certificate.

Question 20

Rather than building elaborate authentication protocols at each server, _________ provides a centralized authentication server whose function is to authenticate users to servers and servers to users.

Accepted Answer

The answer of Rather than building elaborate authentication protocols at...

Quiz 4: Key Distribution and User Authentication