CompTIA Security Plus Mock Test Q1093

An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?

A. Generate a new private key based on AES.
B. Generate a new public key based on RSA.
C. Generate a new public key based on AES.
D. Generate a new private key based on RSA.


Correct Answer: D
Section: Cryptography

Explanation:
Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The private key is needed to produce, but it is not part of, the CSR.
The private key is an RSA key; it is the private encryption key that will be used to protect sensitive information.
Note: A CSR, or Certificate Signing Request, is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate, such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually created at the same time that you create the CSR.

Incorrect Answers:
A: The private key that is generated is an RSA key, not an AES key.
B: To produce the CSR you need a private key, not a public key.
C: To produce the CSR you need a private key, not a public key.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 279-280
http://en.wikipedia.org/wiki/Certificate_signing_request