CISSP PRACTICE QUESTIONS – 20200215

Effective CISSP Questions

Your organization decides to implement the security functionality of the digital signature on the email system based on the public key infrastructure. Which of the following statements is not true about the initiative?
A. Certificate Authorities (CAs) are required
B. The email message is encrypted by the public key of the recipient
C. Both data integrity and sender identity can be assured
D. Only the digest of the email message is encrypted by the private key of the sender


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. The email message is encrypted by the public key of the recipient.


Certificate Authorities (CAs) are required because they are core components of the public key infrastructure (PKI).

It is a common misconception that an email message must be encrypted when it is signed. Signing and encryption are independent operations: an email can be signed, encrypted, or both.

Typically, email messages are not encrypted directly with the recipient’s public key. Instead, the message is encrypted with a randomly generated symmetric secret key, and that secret key is encrypted with the recipient’s public key and enclosed alongside the ciphertext in a digital envelope.

The digital signature ensures data integrity, source authenticity, and non-repudiation by encrypting the hash/digest (computed from the message) with the sender’s private key. It does not encrypt the message itself. The so-called “sign the message” is, in practice, the operation “encrypt the hash/digest of the message.”
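The signing and digital-envelope steps described above, as an added Go example using only the standard library (this is not code from the original post); the SignedMail type and the function names are my own, and the symmetric encryption of the body under the wrapped session key is left out to keep the focus on what each public/private key operation actually covers.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// SignedMail is what signing produces: the body stays in the clear; only a
// signature over its digest is added.
type SignedMail struct {
	Body      []byte
	Signature []byte
}

// Sign hashes the body with SHA-256 and signs only that digest with the
// sender's private key (PKCS#1 v1.5). Nothing about the body is hidden.
func Sign(senderPriv *rsa.PrivateKey, body []byte) (*SignedMail, error) {
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, senderPriv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedMail{Body: body, Signature: sig}, nil
}

// Verify recomputes the digest of the received body and checks it against the
// signature with the sender's public key. A modified body or a signature made
// with a different private key fails, which is what gives integrity and sender identity.
func Verify(senderPub *rsa.PublicKey, m *SignedMail) bool {
	digest := sha256.Sum256(m.Body)
	return rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], m.Signature) == nil
}

// WrapSessionKey is the digital-envelope step: the recipient's public key
// encrypts only a short random symmetric key (RSA-OAEP), never the message.
// RSA-OAEP with SHA-256 and a 2048-bit key accepts at most 190 bytes, so a
// whole email body is rejected with rsa.ErrMessageTooLong.
func WrapSessionKey(recipientPub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
}

// UnwrapSessionKey recovers the symmetric key with the recipient's private key.
func UnwrapSessionKey(recipientPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, wrapped, nil)
}
```

The signature is checked with the sender's key pair while the session key is wrapped with the recipient's, which is why the two key operations are separate answers to separate questions (integrity versus confidentiality).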

2 thoughts on “CISSP PRACTICE QUESTIONS – 20200215”

  1. My suggested answer is B. Email messages are encrypted by the public key of recipients.

    For a digital signature to work (e.g. to provide integrity and non-repudiation), the digest of the email message is encrypted with the sender’s private key. The recipient then decrypts the digest of the email message with the sender’s public key.

    A. Certificate Authorities (CAs) are required –> CAs are required for PKI (Public Key Infrastructure) to work.
    C. Both data integrity and sender identity can be assured –> A digital signature provides the recipient assurance of both data integrity and sender identity.
    D. Only the digest of email messages is encrypted by the private key of senders
