CISA Certified Information Systems Auditor – Question1577
An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by: A. encrypting the hash of the newsletter using the advisor's private key. B. encrypting the hash of the newsletter using the advisor's public key. C. digitally signing the document using the advisor's private key. D. encrypting the newsletter using the advisor's private key.
Correct Answer: A
Explanation:
Explanation:
There is no attempt on the part of the investment advisor to prove their identity or to keep the newsletter confidential. The objective is to assure the receivers that it came to them without any modification, i.e., it has message integrity. Choice A is correct because the hash is encrypted using the advisor’s private key. The recipients can open the newsletter, recompute the hash and decrypt the received hash using the advisor’s public key. If the two hashes are equal, the newsletter was not modified in transit. Choice B is not feasible, for no one other than the investment advisor can open it. Choice C addresses sender authentication but not message integrity. Choice D addresses confidentiality, but not message integrity, because anyone can obtain the investment advisor’s public key, decrypt the newsletter, modify it and send it to others. The interceptor will not be able to use the advisor’s private key, because they do not have it.
Anything encrypted using the interceptor’s private key can be decrypted by the receiver only by using their public key.
Please disable your adblocker or whitelist this site!