nerdexam
F5

101 · Question #579

An administrator is updating private keys used for SSL encryption from 1024 to 2048 bits. Which possible effect should the administrator consider when performing this activity?

The correct answer is A. The larger Key size will increase processing requirements. Doubling the RSA private key size from 1024 to 2048 bits significantly increases the computational load required for SSL/TLS handshake operations.

Section 4: Security Basics

Question

An administrator is updating private keys used for SSL encryption from 1024 to 2048 bits. Which possible effect should the administrator consider when performing this activity?

Options

  • AThe larger Key size will increase processing requirements
  • BSome hardware will NOT support the 2048 key
  • CSome certificate authorities will NOT support the 2048 key
  • DThe larger key sire will increase private key installation complexity

How the community answered

(24 responses)
  • A
    88% (21)
  • B
    4% (1)
  • C
    4% (1)
  • D
    4% (1)

Why each option

Doubling the RSA private key size from 1024 to 2048 bits significantly increases the computational load required for SSL/TLS handshake operations.

AThe larger Key size will increase processing requirementsCorrect

RSA encryption and decryption operations scale non-linearly with key length - a 2048-bit key requires substantially more CPU cycles per operation than a 1024-bit key. On high-traffic systems such as a BIG-IP load balancer handling many simultaneous TLS handshakes, this increased processing overhead can reduce throughput and increase latency. Administrators should account for this when planning key upgrades, potentially requiring hardware offloading or capacity adjustments.

BSome hardware will NOT support the 2048 key

Modern hardware and software stacks broadly support 2048-bit RSA keys, which have been the industry standard for many years and are not a compatibility concern.

CSome certificate authorities will NOT support the 2048 key

Major certificate authorities not only support 2048-bit keys but have deprecated 1024-bit keys and require a minimum of 2048 bits for issued certificates.

DThe larger key sire will increase private key installation complexity

The process of installing a private key is the same regardless of key length and does not become meaningfully more complex at 2048 bits.

Concept tested: SSL/TLS key size impact on processing overhead

Source: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-13-0-0/4.html

Topics

#SSL key size#RSA#processing overhead#encryption

Community Discussion

No community discussion yet for this question.

Full 101 Practice