CISSP-ISSAP · Question #29
Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?
The correct answer is B. Symmetric encryption. Symmetric encryption uses a single shared key for both encryption and decryption, making it ideal for Sam's scenario - one key encrypts all transactions without requiring unique keys per customer (e.g., HTTPS/TLS uses symmetric encryption after the handshake). Asymmetric encrypti
Question
Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?
Options
- AAsymmetric encryption
- BSymmetric encryption
- CS/MIME
- DPGP
How the community answered
(28 responses)- A11% (3)
- B82% (23)
- C4% (1)
- D4% (1)
Explanation
Symmetric encryption uses a single shared key for both encryption and decryption, making it ideal for Sam's scenario - one key encrypts all transactions without requiring unique keys per customer (e.g., HTTPS/TLS uses symmetric encryption after the handshake). Asymmetric encryption (A) uses a key pair (public/private), meaning each party effectively has their own keys - this is more complex and doesn't fit "no individual keys per customer." S/MIME (C) and PGP (D) are both email-focused encryption standards built on asymmetric cryptography, so they're wrong both by use case (email, not e-commerce sessions) and by requiring per-user key pairs.
Memory tip: Think "symmetric = same key" - one key, shared simply, symmetric simplicity.
Topics
Community Discussion
No community discussion yet for this question.