CISSP PRACTICE QUESTIONS – 20200820

Effective CISSP Questions

A client generates a session key randomly, encrypts it using a server’s public key, and sends it to the server which decrypts the session key using its private key to initiate a secure channel. Which of the following best describes this process?
A. Diffie-Hellman
B. Key agreement
C. Key exchange
D. Authentication


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Key exchange.

Asymmetric Key Usage

The public key and private key are generated as a key pair. The public key is available publicly while the private key must be highly protected. Ciphertext encrypted by the public key can only be decrypted by the private key and vice versa. 

Based on the security property stated above, a server can authenticate a subject with a challenge-response: the server sends the subject a random number, the subject encrypts it with its private key, and the server decrypts the result with the subject's registered public key. Authentication succeeds if the decrypted number matches the one the server sent, which assures the server that the subject holds the private key registered previously.

Key Exchange

  • Determined. One party generates the key and simply sends it to the other party; the other party has no influence on the key. e.g. Public Key Encryption
  • Agreed. The two parties agree on a key in such a way that both influence the outcome. e.g. Diffie-Hellman

Key Management

Authentication

Public key encryption on its own does not provide authentication. It is the public key infrastructure (PKI) that makes server authentication possible in the context of TLS/SSL: a server is trusted because a trusted CA signs the server's certificate. In the context of this question, however, any party, including hackers, can send you its public key (not a certificate). A public key is just an anonymous sequence of bits if it is not delivered in a digital certificate signed by a trusted CA.
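As an added example (not the author's code) covering the two bullets under Key Exchange and the point above that a bare public key proves nothing about who sent it, the Python below uses textbook RSA with small constructed primes and a small constructed Diffie-Hellman group so that it runs with the standard library alone. The `rsa_*`, `dh_*` and `key_exchange_*` names and all parameters are assumptions made for illustration and are far too small for real use.

```python
"""Toy illustration of key exchange (client-determined) versus key agreement
(jointly influenced), and of why neither step authenticates the server.
Added example; constructed parameters, not for production."""
import hashlib
import secrets

# ---------- "Determined": public-key encryption of a client-chosen key ----------

def rsa_keygen(p=1000003, q=1000033, e=65537):
    """Textbook RSA key pair from two constructed small primes (assumption)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # private exponent (Python 3.8+)
    return (n, e), (n, d)               # (public key, private key)

def rsa_encrypt(public_key, m):
    n, e = public_key
    return pow(m, e, n)

def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)

def key_exchange_by_public_key_encryption(server_keypair=None):
    """The client alone picks the session key; the server has no say in it.

    Returns (client's key, server's key); they match when the exchange works.
    """
    server_pub, server_priv = server_keypair or rsa_keygen()
    n = server_pub[0]
    session_key = secrets.randbelow(n - 2) + 2      # random value in [2, n-1]
    wrapped = rsa_encrypt(server_pub, session_key)  # only this crosses the wire
    return session_key, rsa_decrypt(server_priv, wrapped)

# ---------- "Agreed": Diffie-Hellman, both sides influence the result ----------

DH_P = 2**127 - 1   # Mersenne prime used as a constructed toy group (assumption)
DH_G = 3            # generator (assumption; the arithmetic works for any element)

def dh_keypair():
    priv = secrets.randbelow(DH_P - 2) + 1          # private exponent in [1, p-2]
    return priv, pow(DH_G, priv, DH_P)               # (private, public)

def dh_shared_secret(my_priv, their_pub):
    return pow(their_pub, my_priv, DH_P)

def key_agreement_by_diffie_hellman():
    """Each side contributes a secret; neither can dictate the outcome.

    Returns (A's secret, B's secret); they match because g^(ab) == g^(ba).
    """
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # Only a_pub and b_pub cross the wire.
    return dh_shared_secret(a_priv, b_pub), dh_shared_secret(b_priv, a_pub)

def session_key_from_secret(shared_secret):
    """Hash the raw shared value into a fixed-size symmetric key."""
    raw = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()

# ---------- Why the exchange in the question is not authentication ----------

def exchange_completes_with_any_keypair():
    """The client routine never checks who owns the public key it received.

    A key pair generated by anyone (constructed primes below) completes the
    exchange exactly as the genuine server's would. Only a certificate signed
    by a CA the client trusts (PKI) binds the key to the server's identity.
    """
    other_keypair = rsa_keygen(p=1000037, q=1000039)
    client_key, holder_key = key_exchange_by_public_key_encryption(other_keypair)
    return client_key == holder_key     # True: no identity check took place

if __name__ == "__main__":
    c, s = key_exchange_by_public_key_encryption()
    print("key exchange: client and server keys match:", c == s)
    a, b = key_agreement_by_diffie_hellman()
    print("key agreement: both sides derived the same key:",
          session_key_from_secret(a) == session_key_from_secret(b))
    print("exchange completes with an unrelated key pair:",
          exchange_completes_with_any_keypair())
```

Running it shows all three checks true: the RSA path transports a key one side chose, the Diffie-Hellman path derives a key both sides influenced, and the last check is the reason answer D does not fit: the exchange succeeds regardless of who holds the private key.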

A client randomly generates a session key, encrypts it with the server's public key, and sends it to the server. The server then decrypts the session key with its private key to initiate a secure channel. Which of the following best describes this process?
A. Diffie-Hellman
B. Key agreement
C. Key exchange
D. Authentication
