CERTIFIED-IN-CYBERSECURITY Question #495: Real Exam Question with Answer & Explanation

Question

Which of the following statements is TRUE regarding digital certificates?

Options

• AThey are used to guarantee the non-repudiation of digital documents
• BThey are used to guarantee the confidentiality of digital documents
• CThey are used to guarantee the integrity of digital documents
• DThey are used to guarantee the authenticity of digital documents

Explanation

Digital certificates are digital credentials that link a public key to an entity's identity, providing a means to verify that an entity is who it claims to be and enabling the authentication of digital documents (see the ISC2 Study Guide, Chapter 1, Module 1). For example, when a user visits a secure Web site, the Web site presents a digital certificate to the user's browser. The browser then verifies the certificate with a trusted Certificate Authority (CA), ensuring the authenticity of the Web site. The CA has verified the website's ownership before issuing the certificate. This process may include checking the applicant's business records, physical location, and sometimes even their personal identity. The remaining options are false. Digital certificates do not directly guarantee the confidentiality of digital documents, which is typically ensured by encryption. They also do not guarantee the integrity of digital documents, which is typically maintained through hashing. Finally, they do not guarantee the non-repudiation of digital documents, which is achieved by digital signatures. While these security measures may be associated with digital certificates, they are not the primary function of digital certificates

No community discussion yet for this question.