CompTIA Security+ (SY0-501) — Question 998

After a recent internal breach, a company decided to regenerate and reissue all certificates used in the transmission of confidential information. The company places the greatest importance on confidentiality and non-repudiation, and decided to generate dual key pairs for each client. Which of the following BEST describes how the company will use these certificates?

Answer options

• A. One key pair will be used for encryption and decryption. The other will be used to digitally sign the data.
• B. One key pair will be used for encryption. The other key pair will provide extended validation.
• C. Data will be encrypted once by each key, doubling the confidentiality and non-repudiation strength.
• D. One key pair will be used for internal communication, and the other will be used for external communication.

Correct answer: A

Explanation

The correct answer is A because one key pair is specifically designated for encrypting and decrypting data, while the other is used for creating digital signatures, ensuring both confidentiality and non-repudiation. Option B is incorrect as extended validation does not involve a separate key pair. Option C misunderstands the function of the keys, as each key does not encrypt the data separately. Option D is also wrong because both key pairs are not designated for different communication types; they have distinct purposes within the same context.