Home / Isaca / CISA

Question list

List of questions

Question 1

(0)

What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?

Question 2

(0)

Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?

Question 3

(0)

The PRIMARY benefit of automating application testing is to:

Question 4

(0)

Which of the following BEST addresses the availability of an online store?

Question 5

(0)

Which of the following is the BEST way to prevent social engineering incidents?

Question 6

(0)

The PRIMARY purpose of a configuration management system is to:

Question 7

(0)

Which of the following is the MOST important consideration when evaluating the data retention policy for a global organization with regional offices in multiple countries?

Question 8

(0)

Which of the following BEST enables alignment of IT with business objectives?

Question 9

(0)

Which of the following are used in a firewall to protect the entity's internal resources?

Question 10

(0)

Which of the following would be MOST impacted if an IS auditor were to assist with the implementation of recommended control enhancements?

Question 1159 - CISA discussion

To ensure confidentiality through the use of asymmetric encryption, a message is encrypted with which of the following?

Recipient's public key

Sender's private key

Sender's public key

Recipient's private key

Suggested answer: A

Explanation:

The best option for ensuring confidentiality through the use of asymmetric encryption is to encrypt a message with the recipient's public key (option A). This is because:

Asymmetric encryption, also known as public-key cryptography, is a type of encryption that uses a pair of keys to encrypt and decrypt data.The pair of keys includes a public key, which can be shared with anyone, and a private key, which is kept secret by the owner12.

In asymmetric encryption, the sender uses the recipient's public key to encrypt the data. The recipient then uses their private key to decrypt the data.This approach allows for secure communication between two parties without the need for both parties to have the same secret key12.

Encrypting a message with the recipient's public key ensures that only the recipient can decrypt it with their private key.This provides confidentiality, which means that the message is protected from unauthorized access or disclosure12.

Encrypting a message with the sender's private key (option B) does not ensure confidentiality, but rather authentication, which means that the message can be verified as coming from the sender.This is because anyone can decrypt the message with the sender's public key, but only the sender can encrypt it with their private key12.

Encrypting a message with the sender's public key (option C) or the recipient's private key (option D) does not make sense, as it would render the message unreadable by both parties.This is because neither party has the corresponding key to decrypt it12.

Therefore, the best option for ensuring confidentiality through the use of asymmetric encryption is to encrypt a message with the recipient's public key (option A), as this ensures that only the recipient can decrypt it with their private key.

Show Answer

asked 18/09/2024

Matt Gifford

33 questions

Your answer: A B C D

0 comments

Sorted by