Effective CISSP Questions

You are developing a client/server-based application in which the client shall communicate with the server through a trusted channel. Which of the following is the best design of key exchange to encrypt data in transit? (Source: Wentz QOTD)
A. The client encrypts the preshared key using its private key
B. The client encrypts the premaster key using the server’s private key
C. The client encrypts the session key using the server’s public key
D. The client encrypts the master key using the server’s public key

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. The client encrypts the session key using the server’s public key.

Key Generation

The session key, derived from the master key, is the key that actually encrypts data. The master key has a fixed length and is itself derived from the premaster key, whose length varies with the key exchange method (fixed for RSA key exchange, group-dependent for Diffie-Hellman).

The purpose of the master key is to generate session key(s), not to encrypt data; it never needs to leave either endpoint.
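The derivation chain above (premaster key to master key to session keys) as an added example, not code from the original post: a standard-library-only Python implementation of the TLS 1.2 PRF from RFC 5246 and the two derivation steps. It assumes the SHA-256 PRF and an AES-128-GCM-style suite (16-byte write keys, 4-byte implicit IVs, no MAC keys); the hello randoms and premaster bytes are constructed sample values. In RSA key exchange the 48-byte premaster is the one value the client sends, wrapped under the server's public key; the master key and session keys are computed independently on both sides from it and the two randoms.

```python
"""TLS 1.2-style key hierarchy: premaster -> master -> session keys (RFC 5246 PRF)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

PRF_HASH = hashlib.sha256        # TLS 1.2 PRF hash for SHA-256 ciphersuites (assumed here)
MASTER_SECRET_LEN = 48           # the master secret is always 48 bytes (RFC 5246 8.1)


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash(secret, seed) from RFC 5246 section 5: an HMAC chain expanded to `length` bytes."""
    out = b""
    a = seed                                             # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, PRF_HASH).digest()       # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, PRF_HASH).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_hash(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def rsa_premaster(version: bytes = b"\x03\x03", rng=os.urandom) -> bytes:
    """RSA key exchange: a fixed 48-byte premaster = 2 version bytes + 46 random bytes.
    This is the value the client encrypts under the server's public key."""
    return version + rng(46)


def dh_premaster(shared_secret: int) -> bytes:
    """(EC)DH key exchange: the premaster is the shared value Z as a big-endian byte
    string with leading zero bytes stripped, so its length depends on the group."""
    z = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    return z.lstrip(b"\x00")


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(premaster, "master secret", client_random + server_random)[0..47]."""
    return prf(premaster, b"master secret", client_random + server_random, MASTER_SECRET_LEN)


@dataclass(frozen=True)
class SessionKeys:
    client_write_key: bytes
    server_write_key: bytes
    client_write_iv: bytes
    server_write_iv: bytes


def session_keys(master: bytes, client_random: bytes, server_random: bytes,
                 key_len: int = 16, iv_len: int = 4) -> SessionKeys:
    """key_block = PRF(master, "key expansion", server_random + client_random), then split.
    Defaults match an AEAD suite such as AES_128_GCM (no MAC keys, 4-byte implicit IVs).
    Note the randoms are concatenated in the opposite order from master_secret()."""
    block = prf(master, b"key expansion", server_random + client_random,
                2 * key_len + 2 * iv_len)
    parts, off = [], 0
    for size in (key_len, key_len, iv_len, iv_len):
        parts.append(block[off:off + size])
        off += size
    return SessionKeys(*parts)


def derive(premaster: bytes, client_random: bytes, server_random: bytes):
    """Run both derivation steps; returns (master_secret, SessionKeys)."""
    master = master_secret(premaster, client_random, server_random)
    return master, session_keys(master, client_random, server_random)


if __name__ == "__main__":
    # Constructed sample values; a real handshake uses fresh 32-byte randoms from both sides.
    client_random = bytes(range(32))
    server_random = bytes(range(32, 64))
    premaster = rsa_premaster(rng=lambda n: bytes([0xAB] * n))   # constructed, not random
    master, keys = derive(premaster, client_random, server_random)
    print(f"premaster ({len(premaster)} B) is what travels, wrapped under the server's public key")
    print(f"master    ({len(master)} B) never leaves either host: {master.hex()}")
    print("client_write_key:", keys.client_write_key.hex())
    print("server_write_key:", keys.server_write_key.hex())
```

Because both ends feed the same premaster and the same two randoms into the same PRF, they arrive at identical master and session keys without either value ever being transmitted; only the premaster needs the confidentiality that the server's public key provides, which is why the choice of which key wraps it (options A and B versus C and D) decides whether the channel is actually trusted.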

The Purpose of the Private Key

The purpose of a private key is to sign (and to decrypt what was encrypted to its public key), not to encrypt data for others: anything encrypted with a private key can be recovered by anyone holding the corresponding public key, which is by definition public, so options A and B provide no confidentiality. A secret (symmetric) key should be encrypted with the recipient's public key, so that only the holder of the matching private key can recover it.


A. The client encrypts the preshared key using its own private key
B. The client encrypts the premaster key using the server's private key
C. The client encrypts the session key using the server's public key
D. The client encrypts the master key using the server's public key


My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
