401 SEC+ Exam Guaranteed Pass: Questions from
Leading Universities & Proven Strategies with
Comprehensive Solutions
Which of the following is true about an email that was signed by User A and sent to User B?
A. User A signed with User B's private key and User B verified with their own public key.
B. User A signed with their own private key and User B verified with User A's public key.
C. User A signed with User B's public key and User B verified with their own private key.
D. User A signed with their own public key and User B verified with User A's private key - -
correct ans- -Answer: B
Explanation:
The sender uses his private key, in this case User A's private key, to create a digital
signature. The message is, in effect, signed with the private key. The sender then sends the
message to the receiver. The receiver (User B) uses the public key attached to the message
to validate the digital signature. If the values match, the receiver knows the message is
authentic.
The receiver uses a key provided by the sender—the public key—to decrypt the message.
Which of the following must be kept secret for a public key infrastructure to remain secure?
A. Certificate Authority
B. Certificate revocation list
C. Public key ring
D. Private ke - -correct ans- -Answer: D
Explanation:
The private key, which is also called the secret key, must be kept secret.
,Which of the following allows an organization to store a sensitive PKI component with a
trusted third party?
A. Trust model
B. Public Key Infrastructure
C. Private key
D. Key escrow - -correct ans- -Answer: D
Explanation:
Sensitive PKI data, such as private keys, can be put into key escrow data. The key escrow
data can be kept at a trusted third party.
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held
in escrow so that, under certain circumstances, an authorized third party may gain access
to those keys. These third parties may include businesses, who may want access to
employees' private communications, or governments, who may wish to be able to view the
contents of encrypted communications
Which of the following is a requirement when implementing PKI if data loss is
unacceptable?
A. Web of trust
B. Non-repudiation
C. Key escrow
D. Certificate revocation list - -correct ans- -Answer: C
Explanation:
Key escrow is a database of stored keys that later can be retrieved.
Key escrow addresses the possibility that a third party may need to access keys. Under the
conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow
account (think of the term as it relates to home mortgages) and made available if that third
, party requests them. The third party in question is generally the government, but it could
also be an employer if an employee's private messages have been called into question
Which of the following allows lower level domains to access resources in a separate Public
Key Infrastructure?
A. Trust Model
B. Recovery Agent
C. Public Key
D. Private Key - -correct ans- -Answer: A
Explanation:
In a bridge trust model allows lower level domains to access resources in a separate PKI
through the root CA.
A trust Model is collection of rules that informs application on how to decide the legitimacy
of a Digital Certificate.
In a bridge trust model, a peer-to-peer relationship exists among the root CAs. The root CAs
can communicate with one another, allowing cross certification. This arrangement allows a
certification process to be established between organizations or departments.
Each intermediate CA trusts only the CAs above and below it, but the CA structure can be
expanded without creating additional layers of CAs.
A network administrator is looking for a way to automatically update company browsers so
they import a list of root certificates from an online source. This online source will then be
responsible for tracking which certificates are to be trusted or not trusted. Which of the
following BEST describes the service that should be implemented to meet these
requirements?
A. Trust model
B. Key escrow
C. OCSP
Leading Universities & Proven Strategies with
Comprehensive Solutions
Which of the following is true about an email that was signed by User A and sent to User B?
A. User A signed with User B's private key and User B verified with their own public key.
B. User A signed with their own private key and User B verified with User A's public key.
C. User A signed with User B's public key and User B verified with their own private key.
D. User A signed with their own public key and User B verified with User A's private key - -
correct ans- -Answer: B
Explanation:
The sender uses his private key, in this case User A's private key, to create a digital
signature. The message is, in effect, signed with the private key. The sender then sends the
message to the receiver. The receiver (User B) uses the public key attached to the message
to validate the digital signature. If the values match, the receiver knows the message is
authentic.
The receiver uses a key provided by the sender—the public key—to decrypt the message.
Which of the following must be kept secret for a public key infrastructure to remain secure?
A. Certificate Authority
B. Certificate revocation list
C. Public key ring
D. Private ke - -correct ans- -Answer: D
Explanation:
The private key, which is also called the secret key, must be kept secret.
,Which of the following allows an organization to store a sensitive PKI component with a
trusted third party?
A. Trust model
B. Public Key Infrastructure
C. Private key
D. Key escrow - -correct ans- -Answer: D
Explanation:
Sensitive PKI data, such as private keys, can be put into key escrow data. The key escrow
data can be kept at a trusted third party.
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held
in escrow so that, under certain circumstances, an authorized third party may gain access
to those keys. These third parties may include businesses, who may want access to
employees' private communications, or governments, who may wish to be able to view the
contents of encrypted communications
Which of the following is a requirement when implementing PKI if data loss is
unacceptable?
A. Web of trust
B. Non-repudiation
C. Key escrow
D. Certificate revocation list - -correct ans- -Answer: C
Explanation:
Key escrow is a database of stored keys that later can be retrieved.
Key escrow addresses the possibility that a third party may need to access keys. Under the
conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow
account (think of the term as it relates to home mortgages) and made available if that third
, party requests them. The third party in question is generally the government, but it could
also be an employer if an employee's private messages have been called into question
Which of the following allows lower level domains to access resources in a separate Public
Key Infrastructure?
A. Trust Model
B. Recovery Agent
C. Public Key
D. Private Key - -correct ans- -Answer: A
Explanation:
In a bridge trust model allows lower level domains to access resources in a separate PKI
through the root CA.
A trust Model is collection of rules that informs application on how to decide the legitimacy
of a Digital Certificate.
In a bridge trust model, a peer-to-peer relationship exists among the root CAs. The root CAs
can communicate with one another, allowing cross certification. This arrangement allows a
certification process to be established between organizations or departments.
Each intermediate CA trusts only the CAs above and below it, but the CA structure can be
expanded without creating additional layers of CAs.
A network administrator is looking for a way to automatically update company browsers so
they import a list of root certificates from an online source. This online source will then be
responsible for tracking which certificates are to be trusted or not trusted. Which of the
following BEST describes the service that should be implemented to meet these
requirements?
A. Trust model
B. Key escrow
C. OCSP
