Text preview & study summary
CompTIA Security+ - Cryptography and PKI
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
?? True/False (Medium)
A self-signed certificate provides the same level of trust as a CA-signed certificate.
Explanation
A self-signed certificate is signed by the same entity whose identity it certifies — like writing your own reference letter. There is no third-party verification of identity. Browsers display security warnings for self-signed certificates because users cannot verify the issuer's identity. CA-signed certificates are trusted because browsers pre-installed trusted CA root certificates.
Question 2
?? Multiple Choice (Easy)
What is the difference between symmetric and asymmetric encryption?
Explanation
Symmetric encryption (AES, DES, 3DES): same key encrypts and decrypts — fast but key distribution is a challenge. Asymmetric encryption (RSA, ECC): public key encrypts, private key decrypts (or private signs, public verifies) — slow but solves key distribution. In practice, asymmetric exchanges a symmetric session key (hybrid approach used in TLS).
Question 3
?? True/False (Hard)
The process of key escrow involves storing a copy of encryption keys with a trusted third party, allowing authorized recovery if the original key is lost.
Explanation
Key escrow is required in some enterprise and government environments. An encrypted copy of private keys is held by an escrow agent (trusted third party or the organization's IT department). This allows recovery of encrypted data if employees leave or keys are lost. It is controversial in government use (Clipper Chip proposal) due to privacy implications.
Question 4
?? Multiple Choice (Easy)
What does PKI stand for?
Explanation
PKI is a framework of policies, procedures, hardware, software, and people for creating, managing, distributing, and revoking digital certificates. Key PKI components: Certificate Authority (CA), Registration Authority (RA), Certificate Revocation Lists (CRL), OCSP, and digital certificates (X.509 standard).
Question 5
?? Multiple Choice (Hard)
Which algorithm is used in ECDSA (Elliptic Curve Digital Signature Algorithm) that makes random nonce (k) reuse catastrophic?
Explanation
In ECDSA, if the same nonce k is used to sign two different messages, an attacker with both signatures can solve a system of equations to recover the private key. This happened to Sony PlayStation 3 (same k used for all code signing) and Bitcoin wallets that reused nonces. RFC 6979 uses deterministic k generation to prevent this.
