Systems Security Certified Practitioner – SSCP – Question0678

PGP uses which of the following to encrypt data?

A.
An asymmetric encryption algorithm
B. A symmetric encryption algorithm
C. A symmetric key distribution system
D. An X.509 digital certificate

Correct Answer: B

Explanation:

Notice that the question specifically asks what PGP uses to encrypt For this, PGP uses an symmetric key algorithm. PGP then uses an asymmetric key algorithm to encrypt the session key and then send it securely to the receiver. It is an hybrid system where both types of ciphers are being used for different purposes.
Whenever a question talks about the bulk of the data to be sent, Symmetric is always best to choice to use because of the inherent speed within Symmetric Ciphers. Asymmetric ciphers are 100 to 1000 times slower than Symmetric Ciphers.
The other answers are not correct because:
“An asymmetric encryption algorithm” is incorrect because PGP uses a symmetric algorithm to encrypt data.
“A symmetric key distribution system” is incorrect because PGP uses an asymmetric algorithm for the distribution of the session keys used for the bulk of the data.
“An X.509 digital certificate” is incorrect because PGP does not use X.509 digital certificates to encrypt the data, it uses a session key to encrypt the data.
References: Official ISC2 Guide page: 275 All in One Third Edition page: 664 -665