Text preview & study summary

CompTIA Security+ - Cryptography and PKI

A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.

Want to test your knowledge? Launch the Interactive Exam Simulator

Question 1

?? True/False (Medium)

A self-signed certificate provides the same level of trust as a CA-signed certificate.

Answer choices

  • A. True

  • B. False (Correct)

Explanation

A self-signed certificate is signed by the same entity whose identity it certifies — like writing your own reference letter. There is no third-party verification of identity. Browsers display security warnings for self-signed certificates because users cannot verify the issuer's identity. CA-signed certificates are trusted because browsers pre-installed trusted CA root certificates.

Question 2

?? Multiple Choice (Easy)

What is the difference between symmetric and asymmetric encryption?

Answer choices

  • A. Symmetric uses two keys; asymmetric uses one key

  • B. Symmetric uses the same key for encryption/decryption; asymmetric uses a key pair (public/private) (Correct)

  • C. Symmetric is for web traffic; asymmetric is for files

  • D. Symmetric is slower; asymmetric is faster

Explanation

Symmetric encryption (AES, DES, 3DES): same key encrypts and decrypts — fast but key distribution is a challenge. Asymmetric encryption (RSA, ECC): public key encrypts, private key decrypts (or private signs, public verifies) — slow but solves key distribution. In practice, asymmetric exchanges a symmetric session key (hybrid approach used in TLS).

Question 3

?? True/False (Hard)

The process of key escrow involves storing a copy of encryption keys with a trusted third party, allowing authorized recovery if the original key is lost.

Answer choices

  • A. True (Correct)

  • B. False

Explanation

Key escrow is required in some enterprise and government environments. An encrypted copy of private keys is held by an escrow agent (trusted third party or the organization's IT department). This allows recovery of encrypted data if employees leave or keys are lost. It is controversial in government use (Clipper Chip proposal) due to privacy implications.

Question 4

?? Multiple Choice (Easy)

What does PKI stand for?

Answer choices

  • A. Private Key Infrastructure

  • B. Public Key Infrastructure (Correct)

  • C. Protected Key Integration

  • D. Public Keychain Interface

Explanation

PKI is a framework of policies, procedures, hardware, software, and people for creating, managing, distributing, and revoking digital certificates. Key PKI components: Certificate Authority (CA), Registration Authority (RA), Certificate Revocation Lists (CRL), OCSP, and digital certificates (X.509 standard).

Question 5

?? Multiple Choice (Hard)

Which algorithm is used in ECDSA (Elliptic Curve Digital Signature Algorithm) that makes random nonce (k) reuse catastrophic?

Answer choices

  • A. If k is reused, both the signature and plaintext are revealed

  • B. If k is reused, the private key can be mathematically recovered (Correct)

  • C. If k is reused, the public key changes

  • D. If k is reused, the hash of the message is exposed

Explanation

In ECDSA, if the same nonce k is used to sign two different messages, an attacker with both signatures can solve a system of equations to recover the private key. This happened to Sony PlayStation 3 (same k used for all code signing) and Bitcoin wallets that reused nonces. RFC 6979 uses deterministic k generation to prevent this.