CASP+ Cryptography and PKI

Question 1

An organization wants to ensure that digital signatures on contracts remain legally valid even if the signing algorithm is later deprecated. Which mechanism BEST addresses this?

Accepted Answer

Trusted timestamping combined with long-term validation (LTV) signatures

Answer

Re-signing all documents with a new algorithm immediately

Answer

Storing documents in encrypted archives

Answer

Using symmetric encryption for document storage

Question 2

Which cryptographic algorithm provides BOTH confidentiality and data authentication in a single operation?

Accepted Answer

AES-GCM (Galois/Counter Mode)

Answer

AES-CBC with HMAC-SHA256 applied separately

Answer

RSA-2048 encryption

Answer

SHA-256 hashing

Question 3

A PKI administrator needs to revoke a certificate immediately due to a key compromise. Which mechanism provides the FASTEST revocation propagation?

Accepted Answer

OCSP stapling with short-validity responses

Answer

CRL published on a daily schedule

Answer

Manual notification to all relying parties

Answer

Waiting for the certificate to expire naturally

Question 4

Which key exchange protocol provides perfect forward secrecy (PFS)?

Accepted Answer

Ephemeral Diffie-Hellman (DHE) or ECDHE

Answer

RSA key exchange

Answer

Static Diffie-Hellman (DH)

Answer

Pre-shared key (PSK) exchange

Question 5

An enterprise is designing a PKI hierarchy. Which structure BEST protects the root CA while maintaining operational flexibility?

Accepted Answer

An offline root CA with online intermediate/issuing CAs

Answer

A single root CA used directly for all certificate issuance

Answer

A flat PKI with no intermediate CAs

Answer

A root CA hosted on an internet-connected server for availability

Question 6

Which elliptic curve is RECOMMENDED by NIST for use in US federal systems at the 128-bit security level?

Accepted Answer

P-256 (secp256r1)

Answer

Curve25519

Answer

P-521

Answer

secp256k1

An organization wants to ensure that digital signatures on contracts remain legally valid even if the signing algorithm is later deprecated.Which mechanism BEST addresses this?

An organization wants to ensure that digital signatures on contracts remain legally valid even if the signing algorithm is later deprecated.
Which mechanism BEST addresses this?