CompTIA Security+ Question G-27

Which of the following is true about PKI? (Select TWO).

A. When encrypting a message with the public key, only the public key can decrypt it.
B. When encrypting a message with the private key, only the private key can decrypt it.
C. When encrypting a message with the public key, only the CA can decrypt it.
D. When encrypting a message with the public key, only the private key can decrypt it.
E. When encrypting a message with the private key, only the public key can decrypt it.

Answer: D,E

Explanation:
E: You encrypt data with the private key and decrypt with the public key, though the opposite is much more frequent. Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic protocols based on algorithms that require two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked.

D: In a PKI the sender encrypts the data using the receiver’s public key. The receiver decrypts the data using his own private key. PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates. Messages are encrypted with a public key and decrypted with a private key. A PKI example: You want to send an encrypted message to Jordan, so you request his public key. Jordan responds by sending you that key. You use the public key he sends you to encrypt the message. You send the message to him.

Jordan uses his private key to decrypt the message.

CompTIA Security+ Question E-66

Which of the following types of trust models is used by a PKI?

A. Transitive
B. Open source
C. Decentralized
D. Centralized

Answer: D

Explanation:
PKI uses a centralized trust model. In a simple PKI a single centralized certification authority (CA). In a hierarchical trust model the root CA is the center of the model, with subordinate CAs lower in the hierarchy. Note: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and

procedures needed to create, manage, distribute, use, store, and revoke digital certificates. A trust Model is collection of rules that informs application on how to decide the legitimacy of a Digital Certificate.

CompTIA Security+ Question D-28

In order to use a two-way trust model the security administrator MUST implement which of the following?

A. DAC
B. PKI
C. HTTPS
D. TPM

Answer: B

Explanation:
PKI is a high level concept. Within a PKI you use a trust model to set up trust between Certification Authorities (CAs). A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

CompTIA Security+ Question C-25

Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements?

A. EAP-TLS
B. EAP-FAST
C. PEAP-CHAP
D. PEAP-MSCHAPv2

Answer: D

Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards. Only servers running Network Policy Server (NPS) or PEAP-MS-CHAP v2 are required to have a certificate.

CompTIA Security+ Question A-84

Digital certificates can be used to ensure which of the following? (Select TWO).

A. Availability
B. Confidentiality
C. Verification
D. Authorization
E. Non-repudiation

Answer: B,E

Explanation:
Digital Signatures is used to validate the integrity of the message and the sender. Digital certificates refer to cryptography which is mainly concerned with Confidentiality, Integrity, Authentication, Nonrepudiation and Access Control. Nonrepudiation prevents one party from denying actions they carried out.