
GSEC Question #403: Real Exam Question with Answer & Explanation

The correct answer is B. PGP creates a random asymmetric key that it uses to encrypt the message, then encrypts this key.

Question

Which of the following choices accurately describes how PGP works when encrypting email?

Options

  • A. PGP encrypts the message with the recipient's public key, then encrypts this key with a random
  • B. PGP creates a random asymmetric key that it uses to encrypt the message, then encrypts this key
  • C. PGP creates a random symmetric key that it uses to encrypt the message, then encrypts this key
  • D. PGP encrypts the message with the recipient's public key, then encrypts this key with a random

Explanation

PGP uses hybrid encryption - a random session key encrypts the message, then the recipient's public key secures that session key. Answer B best describes this two-step process.

Common mistakes.

  • A. Encrypting the full message directly with the recipient's public key is computationally impractical for large messages and is not how PGP operates - PGP never applies asymmetric encryption to the message body itself.
  • C. Although PGP does use a symmetric session key internally, this choice's truncated wording likely describes an incorrect subsequent step that does not use the recipient's public key to protect the session key.
  • D. Like choice A, this incorrectly implies the message is encrypted directly with the recipient's public key, which contradicts PGP's hybrid design where only the small session key is asymmetrically encrypted.

Concept tested. PGP hybrid encryption model for email

Reference. https://www.rfc-editor.org/rfc/rfc4880
