CAS-002 Question #176: Real Exam Question with Answer & Explanation
The correct answer is B: Non-repudiation.
Question
The marketing department at Company A regularly sends out emails signed by the company's Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?
Options
- A. Identity proofing
- B. Non-repudiation
- C. Key escrow
- D. Digital rights management
Explanation
Non-repudiation through digital signatures allows the CIO to cryptographically prove which emails were signed with the CEO's unique private key and which with the marketing department's own keys. Because the PKI issues one certificate per user and the CEO never shared their credentials, a signature that verifies under the CEO's certificate could only have been produced by the CEO.
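To make the mechanism concrete, here is an added Go example that is not part of the exam material: it uses Ed25519 key pairs in place of X.509 S/MIME certificates, gives each user exactly one key pair, and attributes an email only to the user whose public key verifies its signature. The user names, messages and keys are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer models one PKI user holding exactly one certificate (key pair).
type Signer struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh key pair for a named user (constructed demo keys,
// standing in for a certificate issued by the corporate CA).
func NewSigner(name string) Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Name: name, Pub: pub, priv: priv}
}

// Sign produces the detached signature a mail client would attach to the message.
func (s Signer) Sign(email []byte) []byte {
	return ed25519.Sign(s.priv, email)
}

// Attribute returns the name of the user whose public key verifies the signature.
// It returns "" when no known key verifies it (unknown signer or altered message).
func Attribute(email, sig []byte, directory []Signer) string {
	for _, u := range directory {
		if ed25519.Verify(u.Pub, email, sig) {
			return u.Name
		}
	}
	return ""
}

func main() {
	ceo, marketing := NewSigner("CEO"), NewSigner("Marketing")
	dir := []Signer{ceo, marketing}
	// Marketing sends an announcement in the CEO's name but can only sign with its own key.
	announcement := []byte("Subject: Q3 results\n\nGreat quarter. - The CEO")
	fmt.Println("announcement signed by:", Attribute(announcement, marketing.Sign(announcement), dir))
	personal := []byte("Subject: Board note\n\nSee attached.")
	fmt.Println("personal signed by:", Attribute(personal, ceo.Sign(personal), dir))
}
```

Both messages claim to come from the CEO, but verification attributes each to the key that actually signed it, which is exactly the evidence the CIO needs.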
Common mistakes.
- A. Identity proofing is the process of verifying a user's identity during enrollment, not a mechanism for proving message origin after the fact during legal proceedings.
- C. Key escrow is a mechanism for storing copies of cryptographic keys for recovery purposes and does not itself prove who signed or sent a specific email.
- D. Digital rights management controls how content is accessed and distributed after creation but does not provide cryptographic proof of message origin or authorship.
Concept tested. Non-repudiation via digital signatures and PKI
Reference. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf