312-50V10 Question #32: Real Exam Question with Answer & Explanation

The correct answer is D: Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before. Asymmetric encryption with a public key protects data only as long as the corresponding private key remains secret. Storing the private key alongside encrypted data in the same location eliminates that protection.

Cryptography

Question

Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

Options

ANone of these scenarios compromise the privacy of Alice's data
BAgent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server
CHacker Harry breaks into the cloud server and steals the encrypted data
DAlice also stores her private key in the cloud, and Harry breaks into the cloud server as before

Explanation

Asymmetric encryption with a public key protects data only as long as the corresponding private key remains secret. Storing the private key alongside encrypted data in the same location eliminates that protection.

Common mistakes.

A. Scenario D does compromise Alice's privacy, making this choice factually incorrect.
B. In this scenario the cloud server does not hold the private key, so even if Alice is compelled to reveal her key the server-side encrypted data is not independently accessible to an attacker without both elements together.
C. Stealing only the encrypted ciphertext does not compromise privacy because without Alice's private key the data cannot be decrypted.

Concept tested. Public key encryption and private key confidentiality

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview

Topics

#public key encryption#cloud storage#private key exposure#cryptography attack

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice