CompTIA SY0-301 Question #489: Real Exam Question with Answer & Explanation
The correct answer is A: Private key.
Question
When using PGP, which of the following should the end user protect from compromise? (Select TWO).
Options
- A. Private key
- B. CRL details
- C. Public key
- D. Key password
- E. Key escrow
- F. Recovery agent
Explanation
In PGP, the private key and its passphrase (key password) must be kept secret because the private key decrypts messages and creates digital signatures, while the password protects the private key from unauthorized use.
Common mistakes
- B. CRL (Certificate Revocation List) details are a PKI concept and are not directly part of PGP's trust model: PGP uses a web-of-trust model rather than a centralized CA and CRL infrastructure.
- C. The public key is intentionally distributed widely so that others can encrypt messages to the owner and verify the owner's signatures; it is not a secret and does not need to be protected from compromise.
- E. Key escrow involves a trusted third party holding a copy of a key for recovery purposes; it is not something an end user personally protects as part of their PGP credential set.
- F. A recovery agent is an enterprise PKI concept in which a designated party can decrypt data on behalf of users; it is not a component that a PGP end user needs to protect personally.
Concept tested: PGP private key and passphrase protection
Reference: https://www.rfc-editor.org/rfc/rfc4880