Answers to Questions 66-70

66. If Bob wants to send Carol a message that is confidential, what key would Bob use to encrypt the message?

A. Bob's private key

B. Carol's private key

C. Bob's public key

D. Carol's public key

Explanation: A message encrypted with the recipient's public key that is listed in a directory can only be decrypted with the recipient's private key. This ensures confidentiality. Conversely, the private key of the sender can be used to electronically sign documents. If the signature can be decrypted using the sender's public key, the receiver is assured that the message is legitimate, because the sender alone possesses the private key used to encrypt the signature.

Section 4.2.1: Confidentiality


67. The CA offers what type of key management?

A. Centralized

B. Decentralized

Explanation: PGP is a web of trust (decentralized). For scalability, centralized models are used.

Section 4.3.3: Trust Models

Section 4.5.1: Centralized vs. Decentralized (Key Management)


68. Select the protocol that is utilized for management and negotiation of SAs.


B. RC3

C. MD5


Explanation: "The Internet Security Association and Key Management Protocol (ISAKMP) defines procedures and packet formats to establish, negotiate, modify and delete Security Associations (SA)." -- RFC 2048

Section 4.4: (Cryptography) Standards and Protocols


69. A certificate should be renewed or a new certificate applied for before

A. Expiration

B. Deletion

C. Suspension

D. All choices are correct

E. No choice is correct

Explanation: A certificate will not authenticate without error once it has expired. In order to prevent interruption of communications (and even interruption of business, if your business relies on that certificate), be sure to renew your certificate or have a new one issued before it expires.

Section 4.5.4: (Certificate) Expiration


70. If a private key is compromised, the action step to take is

A. Suspension

B. Destruction

C. Revocation

D. All choices are correct

E. No choices are correct

Explanation: "There are many reasons why you might want to revoke a certificate long before it expires. For example, a user might change organizations or lose his or her key pair, or an e-commerce site using SSL (Secure Sockets Layer) may close up shop." -- Network Computing

You would suspend the certificate if you only suspect compromise and want to take some time to investigate if it really was compromised, since once a certificate has been revoked, it can't be re-enabled (and must instead be fully replaced).

Section 4.5.5: (Certificate) Revocation


CertiGuide for Security+
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.