# CISSP PRACTICE QUESTIONS – 20200724

You are developing a client/server-based application where clients shall communicate with peer clients and the server based on the public key infrastructure. There are ten clients on the network. Which of the following is the required number of secret keys among clients and the server? (Source: Wentz QOTD)
A. 11
B. 22
C. 55
D. 77

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. 55.

The question asks for the required number of “secret keys” for a network of 11 hosts: 10 clients and one server. The term “secret key” implies symmetric encryption, where every pair of hosts shares its own key, so the formula applies: N (N-1) / 2.

11 (11-1) / 2 = 55.
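
The count can also be checked by enumerating the pairs. The following is an added example, not part of the original post: it issues one secret key per pair of hosts, then shows how many keys each host stores and how many new keys one extra host costs. The host names and function names are constructed for illustration.

```python
import secrets
from itertools import combinations

def provision_pairwise_keys(hosts):
    """Give every unordered pair of hosts its own 256-bit secret key."""
    return {frozenset(pair): secrets.token_bytes(32)
            for pair in combinations(hosts, 2)}

def keys_held_by(host, table):
    """Secret keys one host must store: one per peer, i.e. N - 1."""
    return {pair: key for pair, key in table.items() if host in pair}

def add_host(new_host, hosts, table):
    """Enroll one more host; returns how many new secret keys were issued."""
    issued = 0
    for peer in hosts:
        table[frozenset((new_host, peer))] = secrets.token_bytes(32)
        issued += 1
    hosts.append(new_host)
    return issued

def asymmetric_key_count(n):
    """For contrast: one key pair per host is n public plus n private keys."""
    return 2 * n

# Constructed host names for the question's network: 10 clients and 1 server.
HOSTS = ["server"] + [f"client{i}" for i in range(1, 11)]
TABLE = provision_pairwise_keys(HOSTS)

if __name__ == "__main__":
    n = len(HOSTS)
    print(f"{n} hosts -> {len(TABLE)} secret keys (N(N-1)/2 = {n * (n - 1) // 2})")
    print("keys stored on client1:", len(keys_held_by("client1", TABLE)))
    print("one key pair per host instead:", asymmetric_key_count(n), "keys in total")
```

The pairwise count grows quadratically with the number of hosts, while one key pair per host grows linearly.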

This question is designed to highlight some essential concepts:

• Symmetric encryption and asymmetric encryption are NOT mutually exclusive; they complement each other and work together as a cryptographic solution. Symmetric encryption has good performance for encrypting data, while asymmetric encryption is typically implemented for key exchange and digital signatures.
• Cryptographic keys are the keys used in symmetric and asymmetric ciphers. Symmetric ciphers use the secret key to encrypt the plaintext and decrypt the ciphertext, while asymmetric ciphers use the public key to encrypt the plaintext and the private key to decrypt the ciphertext.

# Key Taxonomy

• Symmetric Keys
    • Secret Key: It implies symmetric encryption.
    • Preshared/Shared Key: This implies the secret key is manually configured.
    • Session Key: It implies the secret key is used in secure network transmission.
• Asymmetric Keys
    • Public Key: used to encrypt the plaintext.
    • Private Key: used to decrypt the ciphertext or used for digital signature.

# A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.


## 2 thoughts on “CISSP PRACTICE QUESTIONS – 20200724”

1. How can it be determined from the question that “secret key” doesn’t mean private key?

• Good question! Thank you for your feedback. A secret key can refer to the private key in the sense of secrecy. However, it’s more common for people to imply the symmetric key when they use the term “secret key”. It’s generally accepted but not an axiom.