CertiGuide to Security+  9  Chapter 7:  Practice Exam Answers

Answers to Questions 61-65 1 Answers to Questions 71-75

66. If Bob wants to send Carol a message that is confidential what key would Bob use to encrypt the message?

A. Bob's private key

B. Carol's private key

C. Bob's public key

D. Carol's public key

Explanation: A message encrypted with the recipient's public key that is listed in a directory can only be decrypted with the recipient's private key. This ensures confidentiality. Conversely, the private key of the sender can be used to electronically sign documents. If the signature can be decrypted using the sender's public key, the receiver is assured that the message is legitimate the sender alone possesses the private key to encrypt the signature.

& Section 4.2.1:.Confidentiality

67. The CA offers what type of key management?

A. Centralized

B. Decentralized

Explanation: PGP is a web of trust (decentralized). For scalability, centralized models are used.

& Section 4.3.3: Trust Models

& Section 4.5.1: Centralized vs. Decentralized (Key Management)

68 Select the protocol that is utilized for management and negotiation of SA's.

A. ISAKMP

B. RC3

C. MD5

D. IDEL

Explanation: "The Internet Security Association and Key Management Protocol (ISAKMP) defines procedures and packet formats to establish, negotiate, modify and delete Security Associations (SA)." -- RFC 2048

& Section 4.4: (Cryptography).Standards and Protocols

69. A certificate should be renewed or a new certificate applied for before

A. Expiration

B. Deletion

C. Suspension

D. All choices are correct

E. No choice is correct

Explanation: A certificate will not authenticate without error once it has expired. In order to prevent interruption of communications (and even interruption of business, if your business relies on that certificate), be sure to renew your certificate or have a new one issued before it expires.

& Section 4.5.4: (Certificate) Expiration

70. If a private key is compromised the action step to take is

A. Suspension

B. Destruction

C. Revocation

D. All choices are correct

E. No choices are correct

Explanation: "There are many reasons why you might want to revoke a certificate long before it expires. For example, a user might change organizations or lose his or her key pair, or an e-commerce site using SSL (Secure Sockets Layer) may close up shop. “Network Computing

You would suspend the certificate if you only suspect compromise and want to take some time to investigate if it really was compromised, since once a certificate has been revoked, it can't be re-enabled (and must instead be fully replaced).

& Section 4.5.5: (Certificate) Revocation

Answers to Questions 61-65 1 Answers to Questions 71-75