CS356 Final Exam 174 Questions with Verified Answers,100% CORRECT

CS356 Final Exam 174 Questions with Verified Answers The most complex part of SSL is the __________ . -message header -payload -handshake protocol -TLS - CORRECT ANSWER Handshake Protocol A benefit of IPsec is __________. A. that it is below the transport layer and transparentto applications B. there is no need to revoke keying material whenusers leave the organization C. it can provide security for individual users if needed D. all of the above - CORRECT ANSWER All of the above The _______ field in the outer IP header indicates whether the association is an AH or ESP security association. A. protocol identifier B. security parameter index C. IP destination address D. sequence path counter - CORRECT ANSWER protocol identifier In the case of ________ only the digital signature is encoded using base64. A. enveloped data B. signed and enveloped data C. signed data D. clear-signed data - CORRECT ANSWER D. clear-signed data IPsec can assure that _________. A. a router advertisement comes from an authorizedrouter B. a routing update is not forged C. a redirect message comes from the router to whichthe initial packet was sent D. all of the above - CORRECT ANSWER D. all of the above In S/MIME each conventional key is used a total of three times. - CORRECT ANSWER False DKIM has been widely adopted by a range of e-mail providers and many Internet service providers. - CORRECT ANSWER True A message store cannot be located on the same machine as the MUA - CORRECT ANSWER False An ADMD is an Internet e-mail provider. - CORRECT ANSWER True MIME is an extension to the old RFC 822 specification of an Internet mail format. - CORRECT ANSWER True _______ is a list that contains the combinations of cryptographic algorithms supported by the client. A. Compression method B. Session ID C. CipherSuite D. All of the above - CORRECT ANSWER C. CipherSuite To protect the data, either the signature alone or the signature plus the message are mapped into printable ASCII characters using a scheme known as ________ or base64mapping. A. radix-64 B. ASCII-64 C. ESP-64 D. safe mapping - CORRECT ANSWER A. radix-64 Recipients without S/MIME capability can view the message content, although they cannot verify the signature - CORRECT ANSWER True SMTP is used between the message user agent and the mail submission agent - CORRECT ANSWER True The IAB included authentication and encryption as necessary security features in IPv6 - CORRECT ANSWER True The recipient of a message can decrypt the signature using DSS and the sender's public DSS key - CORRECT ANSWER True The ________ function consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients. A. clear-signed data B. signed data C. enveloped data D. signed and enveloped data - CORRECT ANSWER C. enveloped data The ________ accepts the message submitted by a message user agent and enforces the policies of the hosting domain and the requirements of Internet standards. A. mail submission agent B. message user agent C. mail delivery agent D. message transfer agent - CORRECT ANSWER A. mail submission agent The basic tool that permits widespread use of S/MIME is ________. A. the domain key B. the public-key certificate C. the MIME security payload D. radix-64 - CORRECT ANSWER B. the public-key certificate Most browsers come equipped with SSL and most Web servers have implemented the protocol. - CORRECT ANSWER True Transport mode provides protection primarily for lower-layer protocols - CORRECT ANSWER False During the __________ the virus is idle. A. dormant phase B. propagation phase C. triggering phase D. execution phase - CORRECT ANSWER A. dormant phase The __________ is when the virus function is performed. A. dormant phase B. propagation phase C. triggering phase D. execution phase - CORRECT ANSWER D. execution phase The term "computer virus" is attributed to __________. A. Herman Hollerith B. Fred Cohen C. Charles Babbage D. Albert Einstein - CORRECT ANSWER B. Fred Cohen __________ will integrate with the operating system of a host computer and monitor program behavior in real time for malicious actions. A. Fingerprint-based scanners B. Behavior-blocking software C. Generic decryption technology D. Heuristic scanners - CORRECT ANSWER B. Behavior-blocking software A __________ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met. A. logic bomb B. trapdoor C. worm D. Trojan horse - CORRECT ANSWER A. logic bomb Keyware captures keystrokes on a compromised system. - CORRECT ANSWER False A bot propagates itself and activates itself, whereas a worm is initially controlled from some central facility. - CORRECT ANSWER False Every bot has a distinct IP address. - CORRECT ANSWER True A virus that attaches to an executable program can do anything that the program is permitted to do. - CORRECT ANSWER True E-mail is a common method for spreading macro viruses. - CORRECT ANSWER True A __________ attack is a bot attack on a computer system or network that causes a loss of service to users. A. spam B. phishing C. DDoS D. sniff - CORRECT ANSWER C. DDoS __________ is malware that encrypts the user's data and demands payment in order to access the key needed to recover the information. A. Trojan Horse B. Crimeware C. Ransomware D. Polymorphic - CORRECT ANSWER C. Ransomware Many forms of infection can be blocked by denying normal users the right to modify programs on the system. - CORRECT ANSWER True In addition to propagating, a worm usually carries some form of payload. - CORRECT ANSWER True Metamorphic code is software that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics. - CORRECT ANSWER False It is not possible to spread a virus via an USB stick - CORRECT ANSWER False __________ are used to send large volumes of unwanted e-mail. A. Rootkits B. Spammer programs C. Downloaders D. Auto-rooter - CORRECT ANSWER B. Spammer programs A program that is covertly inserted into a system with the intent of compromising the integrity or confidentiality of the victim's data is __________. A. Adobe B. Animoto C. malware D. Prezi - CORRECT ANSWER C. malware Unsolicited bulk e-mail is referred to as __________. A. spam B. propagating C. phishing D. crimeware - CORRECT ANSWER A. spam Malicious software aims to trick users into revealing sensitive personal data. - CORRECT ANSWER True A macro virus infects executable portions of code. - CORRECT ANSWER False Programmers use backdoors to debug and test programs. - CORRECT ANSWER True _______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server. A. Application-based B. System-based C. Random D. Amplification - CORRECT ANSWER A. Application-based It is possible to specifically defend against the ______ by using a modified version of the TCP connection handling code. A. three-way handshake B. UDP flood C. SYN spoofing attack D. flash crowd - CORRECT ANSWER C. SYN spoofing attack A characteristic of reflection attacks is the lack of _______ traffic. A. backscatter B. network C. three-way D. botnet - CORRECT ANSWER A. backscatter The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections. A. DNS amplification attack B. SYN spoofing attack C. basic flooding attack D. poison packet attack - CORRECT ANSWER B. SYN spoofing attack ______ relates to the capacity of the network links connecting a server to the wider Internet. A. Application resource B. Network bandwidth C. System payload D. Directed broadcast - CORRECT ANSWER B. Network bandwidth SYN-ACK and ACK packets are transported using IP, which is an unreliable network protocol. - CORRECT ANSWER True The source of the attack is explicitly identified in the classic ping flood attack. - CORRECT ANSWER True Reflector and amplifier attacks use compromised systems running the attacker's programs. - CORRECT ANSWER False There is very little that can be done to prevent a flash crowd. - CORRECT ANSWER True Given sufficiently privileged access to the network handling code on a computer system, it is difficult to create packets with a forged source address. - CORRECT ANSWER False TCP uses the _______ to establish a connection. A. zombie B. SYN cookie C. directed broadcast D. three-way handshake - CORRECT ANSWER D. three-way handshake In a _______ attack the attacker creates a series of DNS requests containing the spoofed source address for the target system. A. SYN flood B. DNS amplification C. poison packet D. UDP flood - CORRECT ANSWER B. DNS amplification ______ attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete. A. HTTP B. Reflection attacks C. SYN flooding D. Slowloris - CORRECT ANSWER D. Slowloris Slowloris is a form of ICMP flooding. - CORRECT ANSWER False The best defense against being an unwitting participant in a DDoS attack is to prevent your systems from being compromised - CORRECT ANSWER True A denial-of-service attack is an attempt to compromise availability by hindering or blocking completely the provision of some service - CORRECT ANSWER True Flooding attacks take a variety of forms based on which network protocol is being used to implement the attack. - CORRECT ANSWER True _________ is a document that describes the application level protocol for exchanging data between intrusion detection entities. A. RFC 4767 B. RFC 4766 C. RFC 4765 D. RFC 4764 - CORRECT ANSWER A. RFC 4767 The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria. A. protocol B. direction C. action D. destination port - CORRECT ANSWER C. action _________ are either individuals or members of a larger group of outsider attackers who are motivated by social or political causes. A. State-sponsored organizations B. Activists C. Cyber criminals D. Others - CORRECT ANSWER B. Activists A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so. A. intrusion detection B. IDS C. criminal enterprise D. security intrusion - CORRECT ANSWER D. security intrusion A _________ monitors the characteristics of a single host and the events occurring within that host for suspicious activity. A. host-based IDS B. security intrusion C. network-based IDS D. intrusion detection - CORRECT ANSWER A. host-based IDS A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity. A. host-based IDS B. security intrusion C. network-based IDS D. intrusion detection - CORRECT ANSWER C. network-based IDS The ________ is responsible for determining if an intrusion has occurred. A. analyzer B. host C. user interface D. sensor - CORRECT ANSWER A. analyzer __________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder. A. Profile based detection B. Signature detection C. Threshold detection D. Anomaly detection - CORRECT ANSWER B. Signature detection _________ involves the collection of data relating to the behavior of legitimate users over a period of time. A. Profile based detection B. Signature detection C. Threshold detection D. Anomaly detection - CORRECT ANSWER D. Anomaly detection A (n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits. A. Master B. Apprentice C. Journeyman D. Activist - CORRECT ANSWER B. Apprentice The _________ module analyzes LAN traffic and reports the results to the central manager. A. LAN monitor agent B. host agent C. central manager agent D. architecture agent - CORRECT ANSWER A. LAN monitor agent The purpose of the ________ module is to collect data on security related events on the host and transmit these to the central manager. A. central manager agent B. LAN monitor agent C. host agent D. architecture agent - CORRECT ANSWER C. host agent A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor. A. passive sensor B. analysis sensor C. LAN sensor D. inline sensor - CORRECT ANSWER D. inline sensor A(n) ________ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way. A. PEP B. DDI C. IDEP D. IDME - CORRECT ANSWER B. DDI The _______ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator. A. data source B. sensor C. operator D. analyzer - CORRECT ANSWER D. analyzer Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified. - CORRECT ANSWER True An intruder can also be referred to as a hacker or cracker. - CORRECT ANSWER True A common location for a NIDS sensor is just inside the external firewall. - CORRECT ANSWER True An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device. - CORRECT ANSWER False Activists are either individuals or members of an organized crime group with a goal of financial reward. - CORRECT ANSWER False Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion - CORRECT ANSWER True Snort can perform intrusion prevention but not intrusion detection. - CORRECT ANSWER False Intruders typically use steps from a common attack methodology. - CORRECT ANSWER True The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts. - CORRECT ANSWER True The IDS component responsible for collecting data is the user interface. - CORRECT ANSWER False Those who hack into computers do so for the thrill of it or for status. - CORRECT ANSWER True Typical for SOHO applications, a __________ is a single router between internal and external networks with stateless or full packet filtering. A. single bastion T B. double bastion inline C. screening router D. host-resident firewall - CORRECT ANSWER C. screening router ________ control controls access to a service according to which user is attempting to access it. A. User B. Direction C. Service D. Behavior - CORRECT ANSWER A. User __________ scans for attack signatures in the context of a traffic stream rather than individual packets. A. Pattern matching B. Protocol anomaly C. Traffic anomaly D. Stateful matching E. Statistical Anomaly - CORRECT ANSWER D. Stateful matching An example of a circuit-level gateway implementation is the __________ package. A. application-level B. SOCKS C. SMTP D. stateful inspection - CORRECT ANSWER B. SOCKS The _________ defines the transport protocol. A. destination IP address B. source IP address C. interface D. IP protocol field - CORRECT ANSWER D. IP protocol field A logical means of implementing an IPSec is in a firewall. - CORRECT ANSWER True A prime disadvantage of an application-level gateway is the additional processing overhead on each connection. - CORRECT ANSWER True A DMZ is one of the internal firewalls protecting the bulk of the enterprise network. - CORRECT ANSWER False The firewall can protect against attacks that bypass the firewall. - CORRECT ANSWER False A traditional packet filter makes filtering decisions on an individual packet basis and does not take into consideration any higher layer context. - CORRECT ANSWER True _________ control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall. A. Behavior B. User C. Direction D. Service - CORRECT ANSWER C. Direction A _________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control. A. packet filtering firewall B. distributed firewall C. personal firewall D. stateful inspection firewall - CORRECT ANSWER B. distributed firewall _________ control determines the types of Internet services that can be accessed, inbound or outbound. A. Behavior B. Direction C. Service D. User - CORRECT ANSWER C. Service The countermeasure to tiny fragment attacks is to discard packets with an inside source address if the packet arrives on an external interface. - CORRECT ANSWER False One disadvantage of a packet filtering firewall is its simplicity. - CORRECT ANSWER False The primary role of the personal firewall is to deny unauthorized remote access to the computer. - CORRECT ANSWER True A firewall can serve as the platform for IPSec. - CORRECT ANSWER True Distributed firewalls protect against internal attacks and provide protection tailored to specific machines and applications. - CORRECT ANSWER True Unlike a firewall, an IPS does not block traffic. - CORRECT ANSWER False The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function. - CORRECT ANSWER True Typically the systems in the _________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server. A. DMZ B. IP protocol field C. boundary firewall D. VPN - CORRECT ANSWER A. DMZ A __________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. A. packet filtering B. stateful inspection C. application-level D. circuit-level - CORRECT ANSWER D. circuit-level _________ control controls how particular services are used. A. Service B. Behavior C. User D. Direction - CORRECT ANSWER B. Behavior _________ is a form of overflow attack. A. Heap overflows B. replacement stack frame C. return to system call D. all of the above - CORRECT ANSWER D. all of the above _________ can prevent buffer overflow attacks, typically of global data, which attempt to overwrite adjacent regions in the processes address space, such as the global offset table. Heaps Guard Pages All of these options MMUs - CORRECT ANSWER Guard Pages ________ involve buffers located in the program's global (or static) data area. Heap overflows Stack buffer overflows Global Data Area Overflows Position overflows - CORRECT ANSWER Global Data Area Overflows The buffer overflow type of attack has been known since it was first widely used by the _______ Worm in 1988. Code Red Worm Morris Internet Worm Slammer Worm Alpha One - CORRECT ANSWER Morris Internet Worm The Packet Storm web site includes a large collection of packaged shellcode, including code that can: -flush firewall rules that currently block other attacks -all of these options -set up a listening service to launch a remote shell when connected to -create a reverse shell that connects back to the hacker - CORRECT ANSWER all of these options A buffer overflow error is not likely to lead to eventual program termination. - CORRECT ANSWER False The potential for a buffer overflow exists anywhere that data is copied or merged into a buffer, where at least some of the data are read from outside the program - CORRECT ANSWER True A stack overflow can result in some form of a denial of service attack on a system. - CORRECT ANSWER True Buffer overflow exploits are no longer a major source of concern to security practitioners. - CORRECT ANSWER False An attacker is more interested in transferring control to a location and code of the attacker's choosing rather than immediately crashing the program. - CORRECT ANSWER True A consequence of a buffer overflow error is _____ A. corruption of data used by the program B. unexpected transfer of control in the program C. possible memory access violation D. all of the above - CORRECT ANSWER D. all of the above _________ aim to prevent or detect buffer overflows by instrumenting programs when they are compiled. Run-time defenses Shellcodes All of these answers Compile-time defenses - CORRECT ANSWER Compile-time defenses A buffer ____________ is a condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. overwrite all these options overrun overflow - CORRECT ANSWER all these options The Packet Storm Web site includes a large collection of packaged shellcode, including code that can: A. create a reverse shell that connects back to the hacker B. flush firewall rules that currently block other attacks C. set up a listening service to launch a remote shell when connected to D. all of the above - CORRECT ANSWER D. all of the above In 2004 the ________ exploited a buffer overflow in Microsoft Windows 2000/XP Local Security Authority Subsystem Service. Morris Internet Worm Slammer Worm Code Red Worm Sasser Worm - CORRECT ANSWER Sasser Worm Shellcode must be able to run no matter where in memory it is located. - CORRECT ANSWER True At the basic machine level, all of the data manipulated by machine instructions executed by the computer processor are stored in either the processor's registers or in memory. - CORRECT ANSWER True The buffer overflow type of attack is one of the most common attacks seen. - CORRECT ANSWER True An attacker can generally determine in advance exactly where the targeted buffer will be located in the stack frame of the function in which it is defined. - CORRECT ANSWER False The function of ___________ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program. shellcode stacking memory management no-execute - CORRECT ANSWER shellcode A stack buffer overflow attack is also referred to as ______. stack smashing stack framing heap overflowing buffer overrunning - CORRECT ANSWER stack smashing There are several generic restrictions on the content of shellcode. - CORRECT ANSWER True To exploit any type of buffer overflow, the attacker needs to identify a buffer overflow vulnerability in some program that can be triggered using externally sourced data under the attacker's control. - CORRECT ANSWER True The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability. A. XSS reflection B. chroot jail C. atomic bomb D. PHP file inclusion - CORRECT ANSWER A. XSS reflection __________ attacks are vulnerabilities involving the inclusion of script code in the HTML content of a Web page displayed by a user's browser. A. PHP file inclusion B. Mail injection C. Code injection D. Cross-site scripting - CORRECT ANSWER D. Cross-site scripting Defensive programming is sometimes referred to as _________. A. variable programming B. secure programming C. interpretive programming D. chroot programming - CORRECT ANSWER B. secure programming A ________ is a pattern composed of a sequence of characters that describe allowable input variants. A. canonicalization B. race condition C. regular expression D. shell script - CORRECT ANSWER C. regular expression "Incorrect Calculation of Buffer Size" is in the __________ software error category. A. Porous Defenses B. Allocation of Resources C. Risky Resource Management D. Insecure Interaction Between Components - CORRECT ANSWER C. Risky Resource Management "Improper Access Control (Authorization)" is in the _________ software errorcategory. A. Porous Defenses B. Allocation of Resources C. Risky Resource Management D. Insecure Interaction Between Components - CORRECT ANSWER A. Porous Defenses Incorrect handling of program _______ is one of the most common failings insoftware security. A. lines B. input C. output D. disciplines - CORRECT ANSWER B. input _________ is a program flaw that occurs when program input data can accidentally or deliberately influence the flow of execution of the program. A. PHP attack B. Format string injection attack C. XSS attack D. Injection attack - CORRECT ANSWER D. Injection attack A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server. A. command injection B. SQL injection C. code injection D. PHP remote code injection - CORRECT ANSWER A. command injection A _______ attack is where the input includes code that is then executed by the attacked system. A. SQL injection B. cross-site scripting C. code injection D. interpreter injection - CORRECT ANSWER C. code injection Blocking assignment of form field values to global variables is one of the defenses available to prevent a __________ attack. A. PHP remote code injection B. mail injection C. command injection D. SQL injection - CORRECT ANSWER A. PHP remote code injection The intent of ________ is to determine whether the program or function correctly handles all abnormal inputs or whether it crashes or otherwise fails to respond appropriately. A. shell scripting B. fuzzing C. canonicalization D. deadlocking - CORRECT ANSWER B. fuzzing _________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves. A. Deadlocks B. Privileges C. Environment variables D. Race conditions - CORRECT ANSWER C. Environment variables Cross-site scripting attacks attempt to bypass the browser's security checks to gain elevated access privileges to sensitive data belonging to another site. - CORRECT ANSWER True Defensive programming requires a changed mindset to traditional programming practices. - CORRECT ANSWER True Many computer security vulnerabilities result from poor programming practices. - CORRECT ANSWER True Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to over-lapping access, use, and replacement of shared values. - CORRECT ANSWER True Security flaws occur as a consequence of sufficient checking and validation of data and error codes in programs. - CORRECT ANSWER False A stead reduction in memory available on the heap to the point where it is completely exhausted is known as a ________. A. fuzzing B. deadlock C. memory injection D. memory leak - CORRECT ANSWER D. memory leak The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors is to acquire a _______ on the shared file, ensuring that each process has appropriate access in turn. A. lock B. code injection C. chroot jail D. privilege escalation - CORRECT ANSWER A. lock Injection attacks variants can occur whenever one program invokes the services of another program, service, or function and passes to it externally sourced, potentially untrusted information without sufficient inspection and validation of it. - CORRECT ANSWER True The correct implementation in the case of an atomic operation is to test separately for the presence of the lockfile and to not always attempt to create it. - CORRECT ANSWER False Software security is closely related to software quality and reliability. - CORRECT ANSWER True The _______ consists of two dates: the first and last on which the certificate is valid. A. version B. period of validity C. extension D. unique identifier - CORRECT ANSWER B. period of validity An integer value unique within the issuing CA that is unambiguously associated with the certificate is the ________. A. issuer name B. subject's public-key information C. issuer unique identifier D. serial number - CORRECT ANSWER D. serial number ________ requires that a user prove his or her identity for each service invoked and, optionally, requires servers to prove their identity to clients. A. FIM B. Kerberos C. X.509 D. PKI - CORRECT ANSWER B. Kerberos _______ is the process in which a CA issues a certificate for a user's public key and returns that certificate to the user's client system and/or posts that certificate in a repository. A. Certification B. Registration C. Initialization D. Authorization - CORRECT ANSWER A. Certification _______ is important as part of the directory service that it supports and is also a basic building block used in other standards. A. PKI B. X.509 C. Kerberos D. FIM - CORRECT ANSWER B. X.509 The overall scheme of Kerberos is that of a trusted third-party authentication service. - CORRECT ANSWER True Initialization begins the process of enrolling in a PKI. - CORRECT ANSWER False Kerberos does not support interrealm authentication. - CORRECT ANSWER False The authentication server shares a unique secret key with each server. - CORRECT ANSWER True The approach taken by Kerberos is using authentication software tied to a secure authentication server. - CORRECT ANSWER True _______ is the process whereby a user first makes itself known to a CA prior to that CA issuing a certificate or certificates for that user. A. Authorization B. Registration C. Certification D. Initialization - CORRECT ANSWER B. Registration A _______ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities. A. RA B. registration C. repository D. CA - CORRECT ANSWER C. repository One of the earliest and most widely used services is _________. A. Kerbero B. FIM C. PKI D. X.509 - CORRECT ANSWER A. Kerbero Update is not required when the certificate lifetime expires or as a result of certificate revocation. - CORRECT ANSWER False Kerberos is designed to counter only one specific threat to the security of a client/server dialogue. - CORRECT ANSWER False _______ certificates are used in most network security applications, including IP security, secure sockets layer, secure electronic transactions, and S/MIME. A. X.509 B. PKI C. FIM D. SCA - CORRECT ANSWER A. X.509 X.509 provides a format for use in revoking a key before it expires. - CORRECT ANSWER True The principal objective for developing a PKI is to enable secure, convenient, and efficient acquisition of private keys. - CORRECT ANSWER False The ticket-granting ticket is not reusable. - CORRECT ANSWER False