An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?

A.
Generate a new private key based on AES.

B.
Generate a new public key based on RSA.

C.
Generate a new public key based on AES.

D.
Generate a new private key based on RSA.

Explanation:
Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The private
key is needed to produce, but it is not part of, the CSR.
The private key is an RSA key. The private encryption key that will be used to protect sensitive
information.
Note: A CSR or Certificate Signing request is a block of encrypted text that is generated on the server that
the certificate will be used on. It contains information that will be included in your certificate such as your
organization name, common name (domain name), locality, and country. It also contains the public key
that will be included in your certificate. A private key is usually created at the same time that you create
the CSR.Incorrect Answers:
A: The private key that is generated is an RSA key, not an AES key.
B: The produce the CSR you need a private key, not a public key.
C: The produce the CSR you need a private key, not a public key.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 279-280
http://en.wikipedia.org/wiki/Certificate_signing_request