
CompTIA Security+ (SY0-601): Public Key Infrastructure

Information Technology · 22 cards · Created about 2 months ago

This section covers the foundational components of PKI, which is the framework that uses public key cryptography to manage digital certificates, secure communication, and authenticate identities. It explains certificates, X.509 standards, wildcard and SAN certificates, and the differences between single-sided and dual-sided validation.


Key Terms

Term / Definition

PKI

Public Key Infrastructure:
An entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption

PKI and public key encryption are related but they are not the same thing

PKI is the entire system and just uses public key cryptography to function

Certificates

Digitally-signed electronic documents that bind a public key with a user’s identity

X.509

Standard used in PKI for digital certificates; a certificate contains the owner/user's information and the certificate authority's information

Wildcard Certificates

Allow all of the subdomains to use the same public key certificate and have it displayed as valid

Wildcard certificates are easier to manage

Subject Alternative Name (SAN)

Subject Alternative Name:

Allows a certificate owner to specify additional domains and IP addresses to be supported

Single vs. Dual-sided Certificates

Single-sided certificates only require the server to be validated

Dual-sided certificates require both the server and the user to be validated

X.690

Uses BER, CER, & DER for encoding

Basic Encoding Rules (BER)

Basic Encoding Rules:
The original ruleset governing the encoding of data structures for certificates where several different encoding types can be utilized

Canonical Encoding Rules (CER)

Canonical Encoding Rules:

A restricted version of BER that allows the use of only one encoding type

Distinguished Encoding Rules (DER)

Distinguished Encoding Rules:
A restricted version of BER that allows only one encoding type and has more restrictive rules for lengths, character strings, and how the elements of a digital certificate are stored in X.509

File Formats: Privacy-enhanced Electronic Mail

.pem
.cer
.crt
.key

File Formats: Public Key Cryptographic System #12 (PKCS#12)

.p12

File Formats: Personal Information Exchange

.pfx

File Formats: Public Key Cryptographic Systems #7 (PKCS#7)

.p7b

Registration Authority (RA)

Receives certificate signing requests
Validates users/devices requesting the certificate
Revokes credentials if certificate is no longer valid
Requests certificates from the CA if the applicant complies

Certificate Authority

The entity that issues certificates to a user

Verisign, Digisign, and many others act as root CAs

Certificate Revocation List (CRL)

An online list of digital certificates that the certificate authority has revoked

Online Certificate Status Protocol (OCSP)

A protocol that allows you to determine the revocation status of a digital certificate using its serial number

OCSP Stapling

Allows the certificate holder to get the OCSP record from the server at regular intervals and include it as part of the SSL or TLS handshake

Speeds up secure tunnel creation process

Public Key Pinning

Allows an HTTPS website to resist impersonation attacks by presenting a set of trusted public keys to the user’s web browser as part of the HTTP header

Key Escrow & Key Recovery Agent

Key Escrow:
Occurs when a secure copy of a user's private key is held in case the user accidentally loses their key

Key Recovery Agent:
A specialized type of software that allows the restoration of a lost or corrupted key to be performed

Web of Trust

A decentralized trust model that addresses issues associated with the public authentication of public keys within a CA-based PKI system

A peer-to-peer model

Certificates are created as self-signed certificates

Pretty Good Privacy (PGP) is a web of trust