Test your understanding of cryptographic solutions and PKI concepts with these Chapter 4 review questions. Designed for beginners preparing for CompTIA Security+ SY0-701 Domain 1, this quiz reinforces essential concepts in encryption, hashing, certificates, and blockchain, and covers cryptography topics only.

👉 New here? Before attempting these questions, read Chapter 4 — Cryptographic Solutions & PKI Concepts (Security+ SY0-701 Domain 1) to understand the concepts first.

  1. What is the primary purpose of a private key in a Public Key Infrastructure (PKI)?
     A. The encryption of sensitive data
     B. Storing cryptographic keys
     C. Encrypting messages for secure transmission
     D. Decryption and digital signatures
  2. Which type of encryption employs a single key to encrypt substantial volumes of data, utilizing a block cipher technique?
     A. Hashing
     B. Asymmetric encryption
     C. Symmetric encryption
     D. A key exchange
  3. What technique involves transforming sensitive data, such as credit card numbers, into unique tokens that retain no intrinsic value and are used for secure transactions?
     A. Obfuscation
     B. Salting
     C. Tokenization
     D. Steganography
  4. Which cryptographic method involves utilizing intricate mathematical operations to guarantee the irreversible transformation of data during encryption?
     A. Transport/communication encryption
     B. Asymmetric encryption
     C. A key exchange
     D. Algorithm encryption
  5. What term is used to describe the catalogs that contain invalidated digital certificates and ensure the security of online communication?
     A. Self-signed
     B. Certificate signing request (CSR) generation
     C. Certificate authorities
     D. Certificate revocation lists (CRLs)/the Online Certificate Status Protocol (OCSP)
  6. What do you need to securely store cryptographic keys and perform cryptographic operations within a computer system, and which encryption level involves the conversion of entire disks into encrypted formats? (Choose TWO.)
     A. A Trusted Platform Module (TPM) chip
     B. A Hardware Security Module (HSM)
     C. Encryption key management software
     D. Password-based encryption
     E. Full-Disk Encryption (FDE)
  7. What does a key exchange involve in cryptography?
     A. Encrypting large amounts of data using a single key
     B. Securely transmitting cryptographic keys
     C. Ensuring encryption irreversibility
     D. Utilizing private and public keys for decryption
  8. What type of digital certificate is self-generated, lacks third-party validation, and is typically used for multiple internal servers to save costs?
     A. A wildcard
     B. Certificate authorities
     C. Certificate signing request (CSR) generation
     D. Self-signed
  9. What technology serves as a decentralized digital ledger, ensuring secure and tamper-resistant record-keeping of transactions?
     A. Encryption
     B. Digital signatures
     C. Blockchain
     D. Proof of work
  10. Which of the following techniques involves the strategic act of deliberately obscuring code to create an intricate puzzle, making the understanding of the code challenging?
     A. Obfuscation
     B. Tokenization
     C. Steganography
     D. Data masking

Chapter 4 Solutions:

  1. The correct answer is option D. The private key in PKI is used for both decryption and digital signatures. It decrypts data that was encrypted using the matching public key and is also used to create digital signatures for authentication, integrity, and non-repudiation. For example, when Mary receives an encrypted email from George, she uses her private key to read the message. Option A is incorrect because public keys are used for encryption, not private keys. Option B is incorrect because a trusted third party that stores cryptographic keys is known as key escrow. Option C is incorrect because encryption is typically performed using the recipient's public key, not the private key.
  2. The correct answer is option C. Symmetric encryption uses a single key for both encryption and decryption and is ideal for encrypting large amounts of data quickly using block cipher techniques. For example, AES is commonly used to encrypt files, hard drives, and VPN traffic. Option A is incorrect because hashing is used for data integrity and password protection and is a one-way function. Option B is incorrect because asymmetric encryption uses two keys and is slower for handling large data volumes. Option D is incorrect because key exchange is used to securely share cryptographic keys, not to encrypt large amounts of data.
  3. The correct answer is option C. Tokenization transforms sensitive data into meaningless tokens that hold no real value if stolen. For example, a credit card number can be replaced with a token during an online payment transaction. Even if attackers intercept the token, they cannot retrieve the original card details. Option A is incorrect because obfuscation hides code complexity rather than transforming sensitive data. Option B is incorrect because salting adds random values to passwords before hashing. Option D is incorrect because steganography hides information inside files such as images or audio.
  4. The correct answer is option D. Encryption algorithms use complex mathematical operations to make encrypted data extremely difficult to reverse without the proper key. Examples include AES, RSA, and ECC. These algorithms form the foundation of secure cryptography. Option A is incorrect because transport encryption secures data during transmission. Option B is incorrect because asymmetric encryption focuses on using two keys for encryption and decryption. Option C is incorrect because Diffie–Hellman is mainly used for secure key exchange.
  5. The correct answer is option D. Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP) are used to identify invalid or revoked certificates. For example, if a website certificate is compromised, browsers can check CRLs or OCSP to determine whether the certificate should still be trusted. OCSP is faster because it performs real-time checks. Option A is incorrect because self-signed certificates are created internally without third-party validation. Option B is incorrect because a CSR is used to request a new certificate. Option C is incorrect because certificate authorities issue and validate certificates.
  6. The correct answers are option A and option E. A Trusted Platform Module (TPM) is a hardware chip that securely stores cryptographic keys and protects the boot process from tampering. Full-Disk Encryption (FDE) encrypts the entire storage drive to protect all stored data. For example, BitLocker commonly uses TPM together with FDE to secure Windows systems. Option B is incorrect because HSMs mainly secure and manage cryptographic keys in enterprise environments. Option C is incorrect because key management software manages encryption keys but does not directly perform hardware-based encryption. Option D is incorrect because password-based encryption relies on passwords rather than dedicated hardware security.
  7. The correct answer is option B. Key exchange is the secure process of sharing cryptographic keys between communicating parties. For example, Diffie–Hellman allows two users to establish a secure shared key over an insecure network. Option A is incorrect because symmetric encryption is responsible for encrypting large data volumes. Option C is incorrect because encryption irreversibility relates to algorithms and hashing, not key exchange. Option D is incorrect because using public and private keys describes asymmetric encryption.
  8. The correct answer is option D. A self-signed certificate is generated and signed by the same organization without validation from a trusted third-party CA. These certificates are usually used for internal servers, testing environments, or lab systems. For example, a company may use self-signed certificates on internal web portals. Option A is incorrect because wildcard certificates secure multiple subdomains under the same domain. Option B is incorrect because certificate authorities sign certificates using their trusted root keys. Option C is incorrect because CSR generation is the process of requesting a certificate.
  9. The correct answer is option C. Blockchain is a decentralized digital ledger that securely records transactions across multiple systems without relying on a central authority. For example, Bitcoin uses blockchain technology to record cryptocurrency transactions transparently and securely. Option A is incorrect because encryption protects data but is not a distributed ledger. Option B is incorrect because digital signatures provide authentication and integrity. Option D is incorrect because proof of work is a consensus mechanism used to validate blockchain transactions.
  10. The correct answer is option A. Obfuscation intentionally makes code more difficult to understand while keeping it functional. This helps protect software from reverse engineering and unauthorized analysis. For example, malware authors often obfuscate malicious code to avoid detection by security tools. Option B is incorrect because tokenization replaces sensitive data with tokens. Option C is incorrect because steganography hides data within files. Option D is incorrect because data masking replaces sensitive information with fictional values for privacy protection.

🎯 Note

These review questions are designed to strengthen your understanding of cryptographic concepts and secure communication mechanisms, helping you prepare for real-world Security+ exam scenarios.

Keep practicing consistently; the more you test yourself, the stronger your understanding of encryption, PKI, hashing, certificates, and digital security will become before moving on to the next chapter.
