nerdexam
CompTIA

SY0-301 · Question #744

Which of the following is true about PKI? (Select TWO).

The correct answer is D. When encrypting a message with the public key, only the private key can decrypt it. E. When encrypting a message with the private key, only the public key can decrypt it.. In asymmetric PKI, data encrypted with the public key can only be decrypted by the paired private key, and data signed with the private key can only be verified by the corresponding public key.

General security concepts

Question

Which of the following is true about PKI? (Select TWO).

Options

  • AWhen encrypting a message with the public key, only the public key can decrypt it.
  • BWhen encrypting a message with the private key, only the private key can decrypt it.
  • CWhen encrypting a message with the public key, only the CA can decrypt it.
  • DWhen encrypting a message with the public key, only the private key can decrypt it.
  • EWhen encrypting a message with the private key, only the public key can decrypt it.

How the community answered

(42 responses)
  • A
    2% (1)
  • B
    5% (2)
  • C
    2% (1)
  • D
    90% (38)

Why each option

In asymmetric PKI, data encrypted with the public key can only be decrypted by the paired private key, and data signed with the private key can only be verified by the corresponding public key.

AWhen encrypting a message with the public key, only the public key can decrypt it.

The public key is used for encryption, not decryption; the private key is required to decrypt data encrypted with the public key.

BWhen encrypting a message with the private key, only the private key can decrypt it.

When the private key encrypts (signs) data, the public key - not the private key - is used to decrypt or verify it.

CWhen encrypting a message with the public key, only the CA can decrypt it.

The CA issues and signs certificates but does not hold or use individual users' private keys to decrypt their messages.

DWhen encrypting a message with the public key, only the private key can decrypt it.Correct

Asymmetric encryption uses a mathematically paired key pair: anything encrypted with the public key can only be decrypted by the corresponding private key, which is the fundamental confidentiality operation in PKI.

EWhen encrypting a message with the private key, only the public key can decrypt it.Correct

When the private key is used to encrypt (sign) data, only the corresponding public key can decrypt (verify) it - this is the basis of digital signatures and allows anyone with the public key to verify the sender's identity.

Concept tested: PKI asymmetric key pair encryption and decryption roles

Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows

Topics

#asymmetric encryption#PKI#public key#private key

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice