Your supervisor asks you to configure a local CA to help secure digital communications.
Which of the following best describes what your company is most likely implementing? (Select the best answer.)
A. a PKI
B. symmetric encryption
C. asymmetric encryption
D. a one-way hash algorithm
Explanation:
Of the available choices, your company is most likely implementing a public key infrastructure (PKI) if you have
been asked to configure a local certificate authority (CA) to help secure digital communications. A PKI enables
encrypted communication by using a combination of a public and a private key pair. A certificate is bound to a
user’s public key, which is the key that is made available to anyone who wishes to send a message to the
owner of the key pair. The private key is a secret key that is not shared. If a private key becomes compromised
or is no longer needed, the associated CA should be notified immediately so that the certificate revocation list
(CRL) can be updated. Certificates typically contain information, such as the owner’s name and contact
information, the public key, the key validity period, the digital signature of the certificate, and the location where
the CRL can be retrieved.
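
The lifecycle described above (a local CA binds a public key to an owner, and a compromised key is reported so the CRL can be updated), as an added example that is not part of the original page. It assumes the openssl command-line tool is installed; the names "alice" and "Example Local CA" and the CRL URL are constructed placeholders.

```shell
# Added example: local CA issue / verify / revoke cycle (constructed names and URL).
q() { "$@" >/dev/null 2>&1; }   # run quietly; only the exit status matters

local_ca_demo() (
  work=$(mktemp -d) && cd "$work" || exit 2
  trap 'rm -rf "$work"' EXIT
  mkdir newcerts && : > index.txt && echo 01 > serial || exit 2
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = local_ca
[ local_ca ]
database         = index.txt
new_certs_dir    = newcerts
serial           = serial
certificate      = ca.crt
private_key      = ca.key
default_md       = sha256
default_days     = 7
default_crl_days = 7
policy           = policy_cn
x509_extensions  = user_ext
[ policy_cn ]
commonName = supplied
[ user_ext ]
crlDistributionPoints = URI:http://ca.example.invalid/ca.crl
EOF
  # 1. CA key pair and self-signed CA certificate.
  q openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key \
      -out ca.crt -subj "/CN=Example Local CA" -days 30 || exit 2
  # 2. User key pair: the private key stays local, only the CSR goes to the CA.
  q openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout alice.key \
      -out alice.csr -subj "/CN=alice" || exit 2
  # 3. The CA signs the request, binding alice's public key to her name.
  q openssl ca -batch -notext -config ca.cnf -in alice.csr -out alice.crt || exit 2
  # 4. With an empty CRL the certificate must verify.
  q openssl ca -config ca.cnf -gencrl -out ca.crl || exit 2
  q openssl verify -CAfile ca.crt -CRLfile ca.crl -crl_check alice.crt || exit 1
  # 5. Key reported compromised: the CA revokes and publishes an updated CRL.
  q openssl ca -config ca.cnf -revoke alice.crt -crl_reason keyCompromise || exit 2
  q openssl ca -config ca.cnf -gencrl -out ca.crl || exit 2
  # 6. The same certificate must now be rejected as revoked.
  openssl verify -CAfile ca.crt -CRLfile ca.crl -crl_check alice.crt 2>&1 |
    grep -q 'certificate revoked'
)
```

The function returns 0 only when the certificate verifies before revocation and is rejected as revoked afterwards; a relying party that skips the CRL check would still accept the certificate after step 5.
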
Although asymmetric encryption is used in a PKI, in this scenario you are more specifically
implementing a PKI. Diffie-Hellman (DH), Elliptic Curve Cryptography (ECC), and RSA are asymmetric
algorithms. DH is an asymmetric key exchange method. ECC and RSA are asymmetric encryption algorithms.
Asymmetric encryption, also known as public key encryption, uses a public key to encrypt data and a different,
yet mathematically related, private key to decrypt data. PKI uses a certificate authority to tie a public key to a
user ID to further ensure the confidentiality of data. Asymmetric encryption algorithms use more complex
mathematical functions than symmetric encryption algorithms. As a result, asymmetric encryption algorithms
take longer to encrypt and decrypt data than symmetric encryption algorithms. Other examples of asymmetric
encryption algorithms include Digital Signature Algorithm (DSA) and ElGamal.
Your company is not implementing symmetric encryption. Advanced Encryption Standard (AES), RC4, and
Triple Data Encryption Standard (3DES) are examples of symmetric encryption algorithms. When symmetric
encryption algorithms are used, the same encryption key is used to encrypt and decrypt data. Two types of
symmetric algorithms exist: block ciphers and stream ciphers. Block ciphers derive their name from the fact
that they encrypt blocks of data. For example, AES encrypts 128-bit blocks of data. By contrast, stream ciphers
are typically faster than block ciphers because stream ciphers encrypt text of variable length depending on the
size of the frame to be encrypted; stream ciphers are not limited to specific block sizes. For example, RC4, a
stream cipher, can encrypt data in streams of 8 through 2,048 bits. Other examples of symmetric encryption
algorithms include International Data Encryption Algorithm (IDEA), Skipjack, and Blowfish.
Your company is not implementing a one-way hash algorithm. One-way hash algorithms, such as Message
Digest 5 (MD5), can be used to create checksums that represent every bit of data that is stored in a file.
Future hashes created from the same file can then be compared to the original hash to determine whether
anything has changed. Secure Hash Algorithm 1 (SHA-1) is another hash algorithm that produces a fixed-length
value that corresponds to the content being parsed.
Cisco: Cisco IOS PKI Overview Understanding and Planning a PKI: What Is Cisco IOS PKI