SY0-501 Question #291: Real Exam Question with Answer & Explanation
The correct answer is C: Perfect forward secrecy.
Question
An attacker captures the encrypted communication between two parties for a week, but is unable to decrypt the messages. The attacker then compromises the session key during one exchange and successfully compromises a single message. The attacker plans to use this key to decrypt previously captured and future communications, but is unable to. This is because the encryption scheme in use adheres to:
Options
- A. Asymmetric encryption
- B. Out-of-band key exchange
- C. Perfect forward secrecy
- D. Secure key escrow
Explanation
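The compromised session key exposed only the one exchange it protected. Because the attacker cannot use it to decrypt either the previously captured traffic or future communications, the encryption scheme adheres to perfect forward secrecy, the principle that protects prior and subsequent sessions when a single session key is compromised.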
Common mistakes.
- A. Asymmetric encryption uses public and private key pairs for encryption and decryption, but it doesn't inherently prevent a compromised session key from affecting other sessions if those keys are derived from a static secret.
- B. Out-of-band key exchange refers to transmitting a key over a separate, secure channel, which is a method of key exchange but not the principle that prevents decryption of past or future communications after one session key is compromised.
- D. Secure key escrow involves storing encryption keys with a third party for recovery or access purposes, which is unrelated to preventing the compromise of one session key from affecting other communication sessions.
Concept tested. Perfect forward secrecy (PFS) implications