CISSP Question #1472: Real Exam Question with Answer & Explanation

Question

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Options

• ADiffie-Hellman algorithm
• BSecure Sockets Layer (SSL)
• CAdvanced Encryption Standard (AES)
• DMessage Digest 5 (MD5)

Explanation

SSL/TLS uses asymmetric cryptography (public/private key pairs) during the handshake to authenticate and exchange session keys, making it the primary protocol fundamentally built on public-key infrastructure.

Common mistakes.

• A. The Diffie-Hellman algorithm is a key-exchange method that allows two parties to derive a shared secret over an insecure channel using mathematical exponentiation, but it does not itself use pre-existing private/public key pairs in the same PKI sense - it generates ephemeral values rather than relying on asymmetric encryption keys.
• C. AES (Advanced Encryption Standard) is a symmetric encryption algorithm, meaning it uses a single shared secret key for both encryption and decryption, with no concept of separate public and private keys.
• D. MD5 (Message Digest 5) is a cryptographic hash function that produces a fixed-length digest from input data; it does not use encryption keys of any kind - public or private - as it is a one-way hashing algorithm, not an encryption scheme.

Concept tested. Asymmetric public/private key cryptography in SSL

Reference. https://learn.microsoft.com/en-us/windows-server/security/tls/tls-ssl-schannel-ssp-overview

No community discussion yet for this question.