When using PGP, which of the following should the end user protect from compromise? (Select TWO).

A.
Private key

B.
CRL details

C.
Public key

D.
Key passwordE. Key escrow

F.
Recovery agent

Explanation:
A: In PGP only the private key belonging to the receiver can decrypt the session key.
PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a
symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once
and is also called a session key.
D: PGP uses a passphrase to encrypt your private key on your machine. Your private key is encrypted on
your disk using a hash of your passphrase as the secret key. You use the passphrase to decrypt and use
your private key.
Incorrect Answers:
B: A certificate revocation list (CRL) is a list of certificates. An end user of PGP does not have to be
concerned with the CRL.
C: The public key is available for everyone. It does need protection.
E: Key escrow is not related to PGP. Key escrow is the process of storing keys or certificates for use by law
enforcement.
F: The recovery agent does not need to be protected by the end user.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 262, 272-273, 285