CompTIA Security Plus Mock Test Q1113

Which of the following must be kept secret for a public key infrastructure to remain secure?

A. Certificate Authority
B. Certificate revocation list
C. Public key ring
D. Private key

Correct Answer: D
Section: Cryptography

The private key, which is also called the secret key, must be kept secret.

Incorrect Answers:
A: The CA must be accessible. It should not be kept secret.
A certificate authority (CA) is an organization. A CA is responsible for issuing, revoking, and distributing certificates.
B: The CRL should be readily accessible. It should be posted in a publicly accessible location.
A CRL is a database of revoked keys and signatures.
C: A public key ring must be available for all.
A public key ring is often implemented as a file with public keys in it.
The traditional PGP Key Ring is a sequential file with a sequential list of keys in it.
Slightly more advanced key rings, such as those used in key servers, actually use a database.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 279-280, 279-285, 285