CompTIA
CAS-002 · Question #248
CAS-002 Question #248: Real Exam Question with Answer & Explanation
The correct answer is C: Import the repository's public key.. RPM package managers verify package authenticity using GPG signatures. Without the repository's public key imported, the system cannot validate the package signature and will refuse installation.
Question
An administrator attempts to install the package "named.9.3.6-12-x86_64.rpm" on a server. Even though the package was downloaded from the official repository, the server states the package cannot be installed because no GPG key is found. Which of the following should the administrator perform to allow the program to be installed?
Options
- ADownload the file from the program publisher's website.
- BGenerate RSA and DSA keys using GPG.
- CImport the repository's public key.
- DRun sha1sum and verify the hash.
Explanation
RPM package managers verify package authenticity using GPG signatures. Without the repository's public key imported, the system cannot validate the package signature and will refuse installation.
Common mistakes.
- A. Downloading from the publisher's website does not resolve the GPG key trust issue - the package still requires the repository's public key to be present in the local keyring for signature verification.
- B. Generating new RSA/DSA keys creates a new keypair for the local user and has no effect on verifying the repository's existing package signatures.
- D. Running sha1sum verifies file download integrity against a known hash but does not address GPG signature verification, which is a separate cryptographic trust mechanism.
Concept tested. RPM package GPG signature verification and key import
Community Discussion
No community discussion yet for this question.