312-50V13 · Question #591
312-50V13 Question #591: Real Exam Question with Answer & Explanation
The correct answer is B: Data encryption with AES-256: Provides high security with better performance than 3DES, but not. Explanation AES-256 (Option B) strikes the optimal balance between security and performance in a post-quantum threat environment: its 256-bit key provides approximately 128-bit security even against quantum attacks (Grover's algorithm halves effective key strength), making it res
Question
You are a cybersecurity professional managing cryptographic systems for a global corporation. The company uses a mix of Elliptic Curve Cryptography (ECC) for key exchange and symmetric encryption algorithms for data encryption. The time complexity of ECC key pair generation is O(n^3), where 'n' is the size of the key. An advanced threat actor group has a quantum computer that can potentially break ECC with a time complexity of O((log n)^2). Given that the ECC key size is 'n=512' and varying symmetric encryption algorithms and key sizes, which scenario would provide the best balance of security and performance?
Options
- AData encryption with AES-128: Provides moderate security and fast encryption, offering a balance
- BData encryption with AES-256: Provides high security with better performance than 3DES, but not
- CData encryption with 3DES using a 168-bit key: Offers high security but slower performance due
- DData encryption with Blowfish using a 448-bit key: Offers high security but potential compatibility
Explanation
Explanation
AES-256 (Option B) strikes the optimal balance between security and performance in a post-quantum threat environment: its 256-bit key provides approximately 128-bit security even against quantum attacks (Grover's algorithm halves effective key strength), making it resistant to the quantum adversary described, while AES remains one of the fastest and most efficient symmetric algorithms available due to widespread hardware acceleration support.
Option A (AES-128) falls short because Grover's algorithm reduces its effective security to only ~64 bits against a quantum computer, which is dangerously insufficient against the described advanced quantum threat actor. Option C (3DES-168) offers comparable security to AES-128 but performs significantly slower due to its triple-encryption process, making it both less secure against quantum threats and less efficient - a double disadvantage. Option D (Blowfish-448) has an impressively large key size but suffers from compatibility issues in enterprise environments, lacks hardware acceleration, and is considered a legacy algorithm with limited modern support.
💡 Memory Tip: Think "AES-256 = Gold Standard" - it's the algorithm recommended by NIST for post-quantum resistance in symmetric encryption. When in doubt on exam questions involving quantum threats, AES-256 is almost always the preferred symmetric choice because quantum attacks only halve its security, leaving a robust 128-bit effective strength.
Topics
Community Discussion
No community discussion yet for this question.