CompTIA Security Plus Mock Test Q446

Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO).

A. The CA’s public key
B. Ann’s public key
C. Joe’s private key
D. Ann’s private key
E. The CA’s private key
F. Joe’s public key

Correct Answer: D,F
Section: Compliance and Operational Security

Explanation:
Joe wants to send a message to Ann. It’s important that this message not be altered. Joe will use the private key to create a digital signature. The message is, in effect, signed with the private key. Joe then sends the message to Ann. Ann will use the public key attached to the message to validate the digital signature. If the values match, Ann knows the message is authentic and came from Joe. Ann will use a key provided by Joe — the public key — to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit. Thus Ann would compare the signature area referred to as a message in the message with the calculated value digest (her private key in this case). If the values match, the message hasn’t been tampered with and the originator is verified as the person they claim to be.

Incorrect Answers:
A: The certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.
B: Ann is the recipient and her public key is not required to verify e-mail sent by Joe.
C: Ann requires Joe’s public key, not his private key.
E: A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. A certificate is nothing more than a mechanism that associates the public key with an individual.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 261, 279
http://searchsecurity.techtarget.com/definition/digital-signature