SY0-301 · Question #744
Which of the following is true about PKI? (Select TWO).
The correct answer is D. When encrypting a message with the public key, only the private key can decrypt it. E. When encrypting a message with the private key, only the public key can decrypt it.. In asymmetric PKI, data encrypted with the public key can only be decrypted by the paired private key, and data signed with the private key can only be verified by the corresponding public key.
Question
Which of the following is true about PKI? (Select TWO).
Options
- AWhen encrypting a message with the public key, only the public key can decrypt it.
- BWhen encrypting a message with the private key, only the private key can decrypt it.
- CWhen encrypting a message with the public key, only the CA can decrypt it.
- DWhen encrypting a message with the public key, only the private key can decrypt it.
- EWhen encrypting a message with the private key, only the public key can decrypt it.
How the community answered
(42 responses)- A2% (1)
- B5% (2)
- C2% (1)
- D90% (38)
Why each option
In asymmetric PKI, data encrypted with the public key can only be decrypted by the paired private key, and data signed with the private key can only be verified by the corresponding public key.
The public key is used for encryption, not decryption; the private key is required to decrypt data encrypted with the public key.
When the private key encrypts (signs) data, the public key - not the private key - is used to decrypt or verify it.
The CA issues and signs certificates but does not hold or use individual users' private keys to decrypt their messages.
Asymmetric encryption uses a mathematically paired key pair: anything encrypted with the public key can only be decrypted by the corresponding private key, which is the fundamental confidentiality operation in PKI.
When the private key is used to encrypt (sign) data, only the corresponding public key can decrypt (verify) it - this is the basis of digital signatures and allows anyone with the public key to verify the sender's identity.
Concept tested: PKI asymmetric key pair encryption and decryption roles
Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows
Topics
Community Discussion
No community discussion yet for this question.