What does a Public Key Infrastructure (PKI) primarily provide?

A. Anonymity
B. Integrity and Non-Repudiation
C. Strong Encryption
D. Firewall Policies

Answer: B. Integrity and Non-Repudiation
Explanation:

PKI Breakdown

•  Integrity and Non-Repudiation: PKI uses digital signatures to ensure these two.  

  • Integrity: By hashing the data before signing it, PKI proves the data hasn't changed.  

  •  Non-Repudiation: Because a digital signature is created using a Private Key that only the owner should possess, the owner cannot later deny (repudiate) having sent the message or signed the document.  

•  Authentication: This is the third major pillar of PKI.  A Digital Certificate binds a public key to a specific identity (like a person or a website), allowing you to verify exactly who you are communicating with.

•  Key Management: PKI provides the infrastructure (CAs, RAs, and CRLs) to distribute and manage keys at scale.  Without PKI, sharing asymmetric keys securely across the internet would be nearly impossible. 

Why the other options are incorrect

• A. Anonymity: PKI is actually the opposite of anonymity. Its purpose is to verify and prove identity, not hide it.  

• C. Strong Encryption: This is a common "trap" answer. While PKI enables asymmetric encryption, encryption is a function of the algorithm (like RSA or ECC), whereas PKI is the management framework. Many people use PKI only for signing (Integrity/Non-repudiation) without ever encrypting the actual message body.

• D. Firewall Policies: Firewalls operate at the network/transport layers to filter traffic based on IP or ports. PKI is a cryptographic framework operating largely at the application layer or within secure tunnels (like TLS).  

The "CISSP Rule of Thumb": Encryption provides Confidentiality.  Digital Signatures (backed by PKI) provide Integrity, Authentication, and Non-Repudiation.