Correction 70-293 pratice test from ms press

Well I've been cramming for the MCSE test since I have been out of work and
I just ran across an incorrect answer from the Microsoft MCSE self-pace
training kit for test 70-293 from Microsoft press (yes I did check the ms
web site to look for this correction already). Ok let me know if I am wrong
here but it really does look like a fubar.




(Question)

You are a security engineer for an insurance agency. The company transmits
sensitive documents to one of its customers. You need to ensure that only
the customer can decipher the documents. The Customer also needs to be
assured that the documents were transmitted from your company. Your company
already has a public key pair that can be used for encryption, decryption
and signing.



Then it tells you to select from a list the steps that you should take so
securely transmit a document to the customer.



(Available options)



Sign the documents using the private key of the customer.

Sign the document using the public key of the customer.

Encrypt the document using the private key of the customer.

Obtain a private key from the customer.

Encrypt the document using the private key of the company.

Encrypt the document using the public key of the company.

Sign the document using the public key of the company.

Obtain a public key pair from the customer.

Obtain a public key from the customer.

Encrypt the document using the public key of the customer.

Sign the document using the private key of the company.



(Their Answer)



Obtain a public key pair from the customer.

Encrypt the document using the public key of the customer.

Sign the document using the public key of the company.



(Their Explanation "which differes from their answer and which I believe to
be correct")



You should first obtain a public key from the customer. The customer will
need to generate this key along with a corresponding private key. The
customer should generally give the public key to all users who need to
encrypt and send the documents to the customer.



You should then encrypt the document with the customer's public key. Once
the documents is encrypted, only the corresponding private key can be used
to decrypt the document.



You should sign the document using the company's private key. This ensures
that the documents have not been tampered with when the customer receives
it. The customer will need to have your company's public key.




(Comments)

The differences are the answer states that you obtain a key pair and
actually you just obtain a public key.



Next difference is they say you should use your companies public key to
state that is it from you and then they say you should use your companies
private key to ensure it is from you.



For anybody studying for this test it is easy to over look and I did the
first 4 times I went over that question.

 

Welcome to the club!... There are those who have... and those who have not
yet studied.

A valid semantical difference.

The explanation is actually correct, not the answer. You encrypt the
document with the recipient's public key so that only the intended recipient
(who possesses the only private key) can decrypt the document. You then sign
the document (always!) with your private key so that ANYBODY can use your
public key to verify that you're the sender of the message.


--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin