SCP sc0-501 practice test

Enterprise Security Implementation Exam


Question 1

One important X.509v3 extension in a digital certificte is the SubjectKeyldentifier. What is the
purpose of this field?

  • A. This extension contains a hash of the end entity's private key. This allows a user to decrypt the end entity's private key using the publisheed public key and recalulate the hash value of the private key on the certificate to look for a match. If the calculation matches the SubjectKeyldentifier value, then the end entity can be validated.
  • B. This extension contains a hash of the subject's This allows a user to decrypt the subject's private key using the publisheed public key and recalulate the hash value of the private key on the certificate to look for a match.If the calculation matches the SubjectKeyldentifier value, then the subject can be validated.
  • C. This extension has a hash of the subject's public key. This allows a user to calculate the hash value of the public key on the certificate to look for a match. If the calculation matches the SubjectKeyldentifier value, then the subject can be validated.
  • D. This extension has a hash of the issue's public key. This allows a user to calculate the hash value of the public key on the certificate to look for a match. If the calculation matches the SubjectKeyldentifier value, then the CA can be validated.
Answer:

D

Discussions

Question 2

You are in the process of designing your PK1. You are working on the individual systems and servers
that you will need. Which machine that you install is the trusted third-party responsible for creating,
distributing, and revoking certificates?

  • A. Registration Authority
  • B. Archive Server
  • C. Certificate Repository
  • D. Security Server
  • E. Certification Authority
Answer:

E

Discussions

Question 3

You need to be sure that your clients are aware of the certificates no longer used in the PKI. What is
the easiest way to get this information to your clients?

  • A. By bringing each client a floppy with the no longer used certificates on the disk
  • B. Asking each client to connect to a customized web page for each client that lists the certificates that are no longer used by that client
  • C. Asking each client to connect to a customized web page for each client that lists the certificates that are no longer defined by each trusted entity in the network
  • D. Using Certificate Revocation Lists (CRLs)
  • E. Implementing the Old Certificate List (OCL)
Answer:

D

Discussions

Question 4

DES is often defined as no longer ecure senough to handle high security requirements. Why is this?

  • A. DES is more vulnerable to dictionary attacks than other algorithms
  • B. DES is more vulnerable to brute-force attacks than other algorithms
  • C. DES uses a 32-bit key length, which can be cracked easily
  • D. DES uses a 64-bit key, which can be cracked easily
  • E. The DES key can be cracked in a short time
Answer:

E

Discussions

Question 5

Your company has been running a PKI for two years, and just has bought a former competitor. The
former competitor has been running their own PKI for some time as well. You wish to create one
new PKI, managed by you. This has been approved, but will take some time to implement. In the
meantime, what type of certification can you use to allow the two networks to have some
connectivity?

  • A. Trusted Certification
  • B. Meshed Certification
  • C. Cross Certification
  • D. Bridged Certification
  • E. Hierarchical Certification
Answer:

C

Discussions

Question 6

Which authentication token looks like a small key fob with an LCD display?

  • A. Handshake tokens.
  • B. RF Tokens.
  • C. Time-based tokens.
  • D. Challenge/response tokens.
  • E. Magnetic stripe tokens.
Answer:

C

Discussions

Question 7

Your network is running Windows 2000 CAs. If you are going to use a workstation to request
certificates for smart card users, and use this machine to load the certificates onto the smart cards
themselves, which Certificate Template will you need to install on the workstation?

  • A. Smart Card Signing
  • B. Administrator
  • C. User
  • D. Enrollment Agent
  • E. User Signature Only
Answer:

D

Discussions

Question 8

How does the EnCase software store data about an investigation?

  • A. In multiple fragments
  • B. In the Temp folder
  • C. In Case files
  • D. In multiple files
  • E. In multiple folders
Answer:

C

Discussions

Question 9

Which of the following types of attack is a vulnerability of DH?

  • A. Man-in-the-middle
  • B. IP Spoofing
  • C. IP Sequencing
  • D. Impersonation
  • E. Masquerading
Answer:

A

Discussions

Question 10

Which of the following numbers are Non-Prime Numbers?

  • A. 23
  • B. 2
  • C. 24
  • D. 39
  • E. 17
Answer:

C, D

Discussions
To page 2