Exam CISSP topic 1 question 173 discussion

due to the number of keys created!

Supposing we have 10 persons. For asymmetric key, each person have to store 1 own private key for decrypting receiving data and 9 public keys of others persons for encrypting sending data. The total available storing keys of 10 persons are 10x10 = 100 (exponential). While in case of symmetric key, every of two persons will share a common key then the total keys stored are (10x9)/2=45

N*(N-1)/2

B. Exponential growth when using asymmetric keys The MOST significant key management problem due to the number of keys created is typically associated with the use of asymmetric keys. In asymmetric cryptography (also known as public-key cryptography), each entity typically has a pair of keys: a public key and a private key. As the number of entities (such as users or systems) increases, the number of key pairs grows exponentially. Option B, "Exponential growth when using asymmetric keys," addresses this challenge accurately. The growth is exponential because, for every new entity, a new key pair must be generated, resulting in a quadratic increase in the number of keys to manage. While managing symmetric keys (Option A) also poses challenges, the growth is typically linear, not exponential, as each entity requires only one key. Options C and D touch on other aspects of key management but are not as directly related to the exponential growth issue associated with the number of keys created

I think it's either A or C. The number of generated keys seems to be the cause... Considering this statement, I believe A is the correct answer. Whether the number of keys is small or large, it is necessary to maintain security in the storage of secret keys. Is it acceptable not to enhance security if the number of keys is small? I don't think so

(N * (N-1)) / 2.

A is correct

A is correct

C is the correct answer. no matter symmetric or asymmetric or even your VPN keys, or your routing protocol peering keys.... they all have to be safe guarded, even from internal users and IT guys, you dont wants your router to peer with a masquerade as partner knowing your keys.

Obviously,A is not correct compared to B. protecting/Storage of key is smore concern.

for Asymmetric key = no*2 so if we have 10 subjects we need 20keys. for Symmetric key =10*(10-1)/2=45keys

D. Keys are more difficult to provision and revoke The number of keys created can create a significant key management problem. As the number of keys increases, it becomes more difficult to manage and maintain them. One of the most significant problems is that keys are more difficult to provision and revoke. This is because as the number of keys increases, it becomes harder to keep track of which keys are associated with which users, systems, or services. This can make it harder to ensure that the right keys are being used by the right people and that keys are being used for the right purposes. Additionally, revoking a key can be challenging as it requires identifying all the locations where that key is being used and updating them accordingly. While the other options mention that key management can be an issue but they are not the most significant key management problem as the exponential growth when using symmetric or asymmetric keys can be handled

Read "somkiatr's" comments, he hit in on the head.

for Asymmetric key= no*2 so if we have 10 subjects we need 20keys. for symmetric key=10*(10-1)/2=45keys

C is correct

Question about key management “problem” due to the “number of keys” created, think store the key is the problem

A? , it’s B