312-50V11 · Question #359
A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?
The correct answer is B. Private key. The integrity and confidentiality of encrypted email depends entirely on keeping the private key secret, since its compromise allows unauthorized decryption and impersonation.
Question
A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?
Options
- APublic key
- BPrivate key
- CModulus length
- DEmail server certificate
How the community answered
(35 responses)- A3% (1)
- B91% (32)
- D6% (2)
Why each option
The integrity and confidentiality of encrypted email depends entirely on keeping the private key secret, since its compromise allows unauthorized decryption and impersonation.
The public key is intentionally distributed to all parties and is not a secret - its exposure is by design and does not compromise the security of encrypted communications.
In a public key infrastructure, the private key must remain confidential to its owner at all times. If the CA-generated private key is compromised, an attacker can decrypt any message encrypted with the corresponding public key and can forge digital signatures to impersonate the legitimate owner, completely undermining the security of all encrypted communications tied to that key pair.
Modulus length determines the mathematical strength of the key pair but is a configuration parameter, not a secret value whose confidentiality the system's integrity depends upon.
The email server certificate authenticates the server's identity in transit and is separate from the key pair used for end-to-end email encryption and decryption.
Concept tested: PKI private key confidentiality and email security
Source: https://learn.microsoft.com/en-us/windows/win32/seccrypto/public-private-key-pairs
Topics
Community Discussion
No community discussion yet for this question.