CompTIA Security+ Question J-83

Which of the following is used to certify intermediate authorities in a large PKI deployment?

A. Root CA
B. Recovery agent
C. Root user
D. Key escrow

Answer: A

Explanation:
The root CA certifies other certification authorities to publish and manage certificates within the organization. In a hierarchical trust model, also known as a tree, a root CA at the top provides all of the information. The intermediate CAs are next in the hierarchy, and they trust only information provided by the root CA. The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that aren’t. This arrangement allows a high level of control at all levels of the hierarchical tree. .

CompTIA Security+ Question J-43

The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank’s certificates are still valid?

A. Bank’s CRL
B. Bank’s private key
C. Bank’s key escrow
D. Bank’s recovery agent

Answer: A

Explanation:
The finance department can check if any of the bank’s certificates are in the CRL or not. If a certificate is not in the CRL then it is still valid. The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release.

CompTIA Security+ Question J-4

In PKI, a key pair consists of: (Select TWO).

A. A key ring
B. A public key
C. A private key
D. Key escrow
E. A passphrase

Answer: B,C

Explanation:
In a PKI the sender encrypts the data using the receiver’s public key. The receiver decrypts the data using his own private key. The key pair consists of these two keys.

CompTIA Security+ Question G-47

A company’s security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security administrator should take?

A. Install a registration server.
B. Generate shared public and private keys.
C. Install a CA
D. Establish a key escrow policy.

Answer: C

Explanation:
PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates. When you implement a PKI you should start by installing a CA.

CompTIA Security+ Question G-28

Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?

A. Key escrow
B. Non-repudiation
C. Multifactor authentication
D. Hashing

Answer: B

Explanation:
Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean: A service that provides proof of the integrity and origin of data. An authentication that can be asserted to be genuine with high assurance.

CompTIA Security+ Question F-34

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?

A. Recovery agent
B. Certificate authority
C. Trust model
D. Key escrow

Answer: A

Explanation:
If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered key to access the data. A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted with older keys.

CompTIA Security+ Question F-2

When using PGP, which of the following should the end user protect from compromise? (Select TWO).

A. Private key
B. CRL details
C. Public key
D. Key password
E. Key escrow
F. Recovery agent

Answer: A,D

Explanation:
A: In PGP only the private key belonging to the receiver can decrypt the session key. PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key.

D: PGP uses a passphrase to encrypt your private key on your machine. Your private key is encrypted on your disk using a hash of your passphrase as the secret key. You use the passphrase to decrypt and use your private key.

CompTIA Security+ Question C-94

The public key is used to perform which of the following? (Select THREE).

A. Validate the CRL
B. Validate the identity of an email sender
C. Encrypt messages
D. Perform key recovery
E. Decrypt messages
F. Perform key escrow

Answer: B,C,E

Explanation:
B: The sender uses the private key to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic.

C: The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message.

E: You encrypt data with the private key and decrypt with the public key, though the opposite is much more frequent. Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic protocols based on algorithms that require two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked.