PrepAway - Latest Free Exam Questions & Answers

Which of the following keys has the SHORTEST lifespan?


A. Secret key

B. Public key

C. Session key

D. Private key

Explanation:

A session key is a single-use symmetric key that is used to encrypt messages between two users during a single communication session.

If Tanya has a symmetric key she uses to always encrypt messages between Lance and herself, then this symmetric key would not be regenerated or changed. They would use the same key every time they communicated using encryption. However, using the same key repeatedly increases the chances of the key being captured and the secure communication being compromised. If, on the other hand, a new symmetric key were generated each time Lance and Tanya wanted to communicate, it would be used only during their one dialogue and then destroyed. If they wanted to communicate an hour later, a new session key would be created and shared.

A session key provides more protection than static symmetric keys because it is valid for only one session between two computers. If an attacker were able to capture the session key, she would have a very small window of time to use it to try to decrypt messages being passed back and forth.

Incorrect Answers:

A: A secret key is static in nature. It has no fixed lifespan and is used until someone decides to change the key. Session keys are used for single communication sessions so they have a much shorter lifespan.

B: A public key is issued by a CA and typically has a lifespan of one or two years. Session keys are used for single communication sessions so they have a much shorter lifespan.

D: A private key is issued by a CA and typically has a lifespan of one or two years. Session keys are used for single communication sessions so they have a much shorter lifespan.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 798-799

