nerdexam
(ISC)2

CISSP-ISSAP · Question #29

Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?

The correct answer is B. Symmetric encryption. Symmetric encryption uses a single shared key for both encryption and decryption, making it ideal for Sam's scenario - one key encrypts all transactions without requiring unique keys per customer (e.g., HTTPS/TLS uses symmetric encryption after the handshake). Asymmetric encrypti

Architect for Application Security

Question

Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?

Options

  • AAsymmetric encryption
  • BSymmetric encryption
  • CS/MIME
  • DPGP

How the community answered

(28 responses)
  • A
    11% (3)
  • B
    82% (23)
  • C
    4% (1)
  • D
    4% (1)

Explanation

Symmetric encryption uses a single shared key for both encryption and decryption, making it ideal for Sam's scenario - one key encrypts all transactions without requiring unique keys per customer (e.g., HTTPS/TLS uses symmetric encryption after the handshake). Asymmetric encryption (A) uses a key pair (public/private), meaning each party effectively has their own keys - this is more complex and doesn't fit "no individual keys per customer." S/MIME (C) and PGP (D) are both email-focused encryption standards built on asymmetric cryptography, so they're wrong both by use case (email, not e-commerce sessions) and by requiring per-user key pairs.

Memory tip: Think "symmetric = same key" - one key, shared simply, symmetric simplicity.

Topics

#Symmetric encryption#Key management#Encryption fundamentals

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice