nerdexam
Isaca

CDPSE · Question #24

Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?

The correct answer is B. It minimizes the risk if the cryptographic key is compromised.. The principle of cryptographic key separation (one key per purpose) is a risk-containment strategy. If a key used for multiple functions is compromised, all functions it supports are simultaneously exposed. By limiting a key to a single purpose, a compromise only impacts that spe

Privacy Architecture

Question

Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?

Options

  • AIt eliminates cryptographic key collision.
  • BIt minimizes the risk if the cryptographic key is compromised.
  • CIt is more practical and efficient to use a single cryptographic key.
  • DEach process can only be supported by its own unique key management process.

How the community answered

(35 responses)
  • A
    3% (1)
  • B
    91% (32)
  • C
    6% (2)

Explanation

The principle of cryptographic key separation (one key per purpose) is a risk-containment strategy. If a key used for multiple functions is compromised, all functions it supports are simultaneously exposed. By limiting a key to a single purpose, a compromise only impacts that specific function, minimizing the blast radius. Key collision is a different cryptographic concept unrelated to key reuse. Using one key for everything is actually less practical and efficient from a security management perspective. While different processes may require different key management policies, that is a secondary consideration - the primary driver is limiting exposure upon compromise.

Topics

#Cryptographic key management#Key purpose#Risk mitigation#Information security principles

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice