Correction 70-293 pratice test from ms press

Discussion in 'MCSE' started by Konoki, Oct 14, 2008.

  1. Konoki

    Konoki Guest

    Well I've been cramming for the MCSE test since I have been out of work and
    I just ran across an incorrect answer from the Microsoft MCSE self-pace
    training kit for test 70-293 from Microsoft press (yes I did check the ms
    web site to look for this correction already). Ok let me know if I am wrong
    here but it really does look like a fubar.




    (Question)

    You are a security engineer for an insurance agency. The company transmits
    sensitive documents to one of its customers. You need to ensure that only
    the customer can decipher the documents. The Customer also needs to be
    assured that the documents were transmitted from your company. Your company
    already has a public key pair that can be used for encryption, decryption
    and signing.



    Then it tells you to select from a list the steps that you should take so
    securely transmit a document to the customer.



    (Available options)



    Sign the documents using the private key of the customer.

    Sign the document using the public key of the customer.

    Encrypt the document using the private key of the customer.

    Obtain a private key from the customer.

    Encrypt the document using the private key of the company.

    Encrypt the document using the public key of the company.

    Sign the document using the public key of the company.

    Obtain a public key pair from the customer.

    Obtain a public key from the customer.

    Encrypt the document using the public key of the customer.

    Sign the document using the private key of the company.



    (Their Answer)



    Obtain a public key pair from the customer.

    Encrypt the document using the public key of the customer.

    Sign the document using the public key of the company.



    (Their Explanation "which differes from their answer and which I believe to
    be correct")



    You should first obtain a public key from the customer. The customer will
    need to generate this key along with a corresponding private key. The
    customer should generally give the public key to all users who need to
    encrypt and send the documents to the customer.



    You should then encrypt the document with the customer's public key. Once
    the documents is encrypted, only the corresponding private key can be used
    to decrypt the document.



    You should sign the document using the company's private key. This ensures
    that the documents have not been tampered with when the customer receives
    it. The customer will need to have your company's public key.




    (Comments)

    The differences are the answer states that you obtain a key pair and
    actually you just obtain a public key.



    Next difference is they say you should use your companies public key to
    state that is it from you and then they say you should use your companies
    private key to ensure it is from you.



    For anybody studying for this test it is easy to over look and I did the
    first 4 times I went over that question.
     
    Konoki, Oct 14, 2008
    #1
    1. Advertisements

  2. Welcome to the club!... There are those who have... and those who have not
    yet studied. :)
    A valid semantical difference.

    The explanation is actually correct, not the answer. You encrypt the
    document with the recipient's public key so that only the intended recipient
    (who possesses the only private key) can decrypt the document. You then sign
    the document (always!) with your private key so that ANYBODY can use your
    public key to verify that you're the sender of the message.


    --
    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)

    MS WSUS Website: http://www.microsoft.com/wsus
    My Websites: http://www.onsitechsolutions.com;
    http://wsusinfo.onsitechsolutions.com
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
     
    Lawrence Garvin, Oct 14, 2008
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.