Which four of the following information is included in sets of cryptographic algorithms that are defined by an SSL/TLS cipher suite? (Choose four.)
A. authentication and key exchange algorithms
B. public key version and type
C. encryption algorithm
D. peer IP address information
E. message authentication code algorithm
F. the PRF
What TCP port does SSL/TLS use for HTTPS communications?
A. TCP 563
B. TCP 626
C. TCP 80
D. TCP 443
To facilitate encrypted bulk data transfer using the TLS protocol, the shared secret key that is sent from the client to the server is encrypted with which key?
A. client public key
B. client private key
C. server's public key
D. server's private key
Which two of the following options must be included in the CSR that is to be signed by a CA? (Choose two.)
A. subject's public key information
B. written invitation code to join the CA
C. subject identity information
D. certificate intended usage
Which two of the following statements are true regarding the CA in a PKI deployment? (Choose two.)
A. The CA is the trusted third party that signs the public keys of entities in a PKI-based system.
B. The CA issues either a certificate revocation list (CRL) or uses an OCSP process to determine certificate validity.
C. The CA becomes the center point of communications between two hosts using certificates that are issued by the CA.
D. A root CA is not necessary in a PKI.
Which one of the following actions should be taken by a client to verify the entity that they received a certificate from is the entity that should be using the certificate?
A. Send a message encrypted with the system's peer's public key to verify that the peer can decrypt the message with the private key of the entity that is identified in the certificate.
B. Decrypt the certificate signature using the CA private key and check to make sure that the certificate hash matches what they received from the peer.
C. Ensure that the issuer and the subject match on the certificate of the peer.
D. Contact the CA by phone to determine how they validated the identity of the system during certificate enrollment of the peer that they are communicating with.
When using PKI which two of the following are true? (Choose two.)
A. Currently, PKI digital identity certificates use the X.509 version 3 structure.
B. Currently, the PKI architecture requires that the client devices stay in constant contact with the CA in order to trust a certificate that is issued by the CA.
C. A client device must trust the CA in order to validate another device certificate that is issued by the same CA.
D. The CA does not sign the user or device certificate; it only signs its own root certificate
Which five of the following options are components of the X.509 v3 certificate standard? (Choose five.)
A. serial number
B. user name
C. issuer
D. validity date range
E. subject
F. subject public key info
G. department name
Which three security services do digital signatures provide? (Choose three.)
A. confidentiality
B. integrity
C. non-repudiation
D. authenticity
E. availability
To communicate that a document is using a digital signature, which one of the following is the next step in the process after a hash of the document is calculated by the sender?
A. The hash is appended to the end of the document.
B. The hash is stored by the sender.
C. The hash is encrypted using the private key of the sender.
D. The hash is encrypted using a symmetric encryption algorithm.
E. The hash is signed using the public key of the receiver.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 210-250 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.