ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your security team is designing a solution that uses OpenPGP to encrypt database exports before uploading them to a shared Amazon S3 bucket for a partner company. The environment does not rely on a corporate certificate authority, so the team needs to understand how OpenPGP verifies that the partner's public key is genuine. Which method correctly explains how trust is established in PGP's Web of Trust model?
Each user signs verified public keys of others; trust is inferred from chains of these signatures, forming a decentralized network that lets recipients calculate a key's validity.
PGP clients query a global hierarchical public key infrastructure operated by IANA to obtain certificates that have been validated by subordinate certificate authorities.
The sender computes the recipient's public key dynamically using elliptic-curve Diffie-Hellman and the recipient's email address, eliminating the need for prior exchange.
Trust is provided by publishing key fingerprints in DNSSEC-protected TXT records that clients automatically accept if DNS validation succeeds.
In PGP's Web of Trust, there is no single, central certificate authority. Instead, individual users digitally sign one another's public keys after verifying identities through out-of-band means (for example, comparing the key fingerprint in person or over a known channel). A user's software can then evaluate chains of these signatures (trust paths) to decide whether to accept a key as valid, weighting each signature by how much the local user trusts the signer to verify others. Publishing key fingerprints in DNS records can supplement key distribution but is not the primary trust mechanism. Likewise, PGP does not rely on a hierarchical CA structure managed by IANA, nor can a sender derive a recipient's public key on demand using elliptic-curve operations; the key must already exist and be validated. Therefore, the option describing user signatures forming a web of endorsements is correct.
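The validity calculation the explanation describes can be made concrete. The Python model below is an added illustration, not part of the practice question or its answer key, and not code from any OpenPGP implementation. It assumes GnuPG-style thresholds (one fully trusted signer or three marginally trusted signers make a key valid, with trust paths capped at five hops), treats signature verification as already done, and uses a constructed keyring with made-up key ids such as ALICE and PARTNER_A. The point it shows is that a signature only counts when the signer's key is itself valid and the local user has assigned that signer owner trust; a key signed only by unknown parties stays unverified and should not be used to encrypt the database export.

```python
from __future__ import annotations
from dataclasses import dataclass

# Thresholds are assumptions for this example; they mirror GnuPG's default
# --completes-needed=1, --marginals-needed=3 and --max-cert-depth=5 settings.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3
MAX_CERT_DEPTH = 5


@dataclass
class WebOfTrust:
    """Local keyring state used for the validity calculation (hypothetical model).

    owner_trust: key_id -> how far the local user trusts that key's owner to
                 verify other people's keys: "ultimate", "full", "marginal"
                 or "none". This is set locally and never travels with the key.
    signatures:  signer key_id -> set of key_ids the signer has certified.
                 Cryptographic verification of each signature is assumed to
                 have already succeeded; only the trust logic is modelled.
    """
    owner_trust: dict[str, str]
    signatures: dict[str, set[str]]

    def all_keys(self) -> set[str]:
        keys = set(self.owner_trust) | set(self.signatures)
        for signed in self.signatures.values():
            keys |= signed
        return keys


def certifying_signers(wot: WebOfTrust, valid: dict[str, int], key: str):
    """Split the signers of `key` into (fully trusted, marginally trusted).

    A signature only counts when the signer's own key is already valid AND the
    local user has assigned it owner trust; a valid-but-untrusted signer
    contributes nothing, and self-signatures are ignored.
    """
    completes, marginals = [], []
    for signer, signed in wot.signatures.items():
        if key not in signed or signer == key or signer not in valid:
            continue
        trust = wot.owner_trust.get(signer, "none")
        if trust in ("ultimate", "full"):
            completes.append(signer)
        elif trust == "marginal":
            marginals.append(signer)
    return completes, marginals


def compute_validity(wot: WebOfTrust, completes_needed: int = COMPLETES_NEEDED,
                     marginals_needed: int = MARGINALS_NEEDED,
                     max_cert_depth: int = MAX_CERT_DEPTH) -> dict[str, int]:
    """Return {key_id: trust-path depth} for every key accepted as valid.

    Depth 0 is the local user's own (ultimately trusted) key; each further hop
    along a chain of signatures adds one. Keys beyond max_cert_depth, or with
    too few trusted signers, are left out and should be treated as unverified.
    """
    valid = {k: 0 for k, t in wot.owner_trust.items() if t == "ultimate"}
    for depth in range(1, max_cert_depth + 1):
        newly_valid = {}
        for key in wot.all_keys() - set(valid):
            completes, marginals = certifying_signers(wot, valid, key)
            if len(completes) >= completes_needed or len(marginals) >= marginals_needed:
                newly_valid[key] = depth
        if not newly_valid:
            break  # no new keys became valid at this depth; the web is exhausted
        valid.update(newly_valid)
    return valid


def build_demo_wot() -> WebOfTrust:
    """Constructed sample keyring; every key id here is made up for the demo."""
    return WebOfTrust(
        owner_trust={
            "ME": "ultimate",      # our own key
            "ALICE": "full",       # verified in person; we trust her to vet others
            "BOB": "marginal", "CAROL": "marginal", "DAVE": "marginal",
            # PARTNER_*, EVE and MALLORY have no owner trust assigned ("none")
        },
        signatures={
            "ME": {"ALICE", "BOB", "CAROL", "DAVE"},
            "ALICE": {"PARTNER_A"},                 # one fully trusted signer suffices
            "BOB": {"PARTNER_B", "PARTNER_C"},
            "CAROL": {"PARTNER_B", "PARTNER_C"},
            "DAVE": {"PARTNER_B"},                  # PARTNER_C gets only two marginals
            "MALLORY": {"EVE"},                     # MALLORY is not itself valid
        },
    )


if __name__ == "__main__":
    wot = build_demo_wot()
    valid = compute_validity(wot)
    for key in sorted(wot.all_keys()):
        status = f"valid (depth {valid[key]})" if key in valid else "NOT valid: do not encrypt to it"
        print(f"{key:10} {status}")
```

Running the script lists PARTNER_A and PARTNER_B as valid (via one fully trusted signer and three marginal signers respectively) while PARTNER_C and EVE are rejected, which is exactly the decision a client makes before encrypting to the partner's key in the scenario above. Lowering `max_cert_depth` or `marginals_needed` changes which keys pass, which is why these are local policy settings rather than properties of the keys themselves.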
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography