Answers to Questions 66-70
66. If Bob wants to send Carol a message that is confidential, what key would Bob use to encrypt the message?
A. Bob's private key
B. Carol's private key
C. Bob's public key
D. Carol's public key
Explanation: A message encrypted with the recipient's public key, which is listed in a directory, can only be decrypted with the recipient's private key. This ensures confidentiality. Conversely, the private key of the sender can be used to electronically sign documents. If the signature can be decrypted using the sender's public key, the receiver is assured that the message is legitimate, because the sender alone possesses the private key to encrypt the signature.
Section 4.2.1: Confidentiality
67. The CA offers what type of key management?
Explanation: PGP is a web of trust (decentralized). For scalability, centralized models are used.
Section 4.3.3: Trust Models
Section 4.5.1: Centralized vs. Decentralized (Key Management)
68. Select the protocol that is utilized for management and negotiation of SAs.
Explanation: "The Internet Security Association and Key Management Protocol (ISAKMP) defines procedures and packet formats to establish, negotiate, modify and delete Security Associations (SA)." -- RFC 2048
Section 4.4: (Cryptography) Standards and Protocols
69. A certificate should be renewed or a new certificate applied for before
D. All choices are correct
E. No choice is correct
Explanation: A certificate will not authenticate without error once it has expired. In order to prevent interruption of communications (and even interruption of business, if your business relies on that certificate), be sure to renew your certificate or have a new one issued before it expires.
Section 4.5.4: (Certificate) Expiration
70. If a private key is compromised, the action step to take is
D. All choices are correct
E. No choices are correct
Explanation: "There are many reasons why you might want to revoke a certificate long before it expires. For example, a user might change organizations or lose his or her key pair, or an e-commerce site using SSL (Secure Sockets Layer) may close up shop." -- Network Computing
You would suspend the certificate if you only suspect compromise and want to take some time to investigate if it really was compromised, since once a certificate has been revoked, it can't be re-enabled (and must instead be fully replaced).
Section 4.5.5: (Certificate) Revocation
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.