nerdexam
(ISC)2

CISSP-ISSEP · Question #115

You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirements are that your solution must use the RSA algorithm. Which of the followin

The correct answer is B. SMIME. S/MIME (Secure/Multipurpose Internet Mail Extensions) is the correct choice because it is specifically designed for securing email and its attachments, and it natively uses RSA for asymmetric key exchange and digital signatures - making it the standard solution when RSA is a hard

Security Planning and Design

Question

You have been tasked with finding an encryption methodology that will encrypt most types of email attachments. The requirements are that your solution must use the RSA algorithm. Which of the following is your best choice?

Options

  • APGP
  • BSMIME
  • CDES
  • DBlowfish

How the community answered

(71 responses)
  • A
    1% (1)
  • B
    93% (66)
  • C
    1% (1)
  • D
    4% (3)

Explanation

S/MIME (Secure/Multipurpose Internet Mail Extensions) is the correct choice because it is specifically designed for securing email and its attachments, and it natively uses RSA for asymmetric key exchange and digital signatures - making it the standard solution when RSA is a hard requirement. PGP (A) also encrypts email attachments and can use RSA, but it relies on a decentralized "web of trust" model rather than a certificate authority infrastructure, and the question's framing points toward the enterprise/standards-based RSA solution that S/MIME represents. DES (C) and Blowfish (D) are symmetric encryption algorithms that do not use RSA at all - they have no built-in mechanism for RSA key exchange or certificate-based identity, disqualifying them immediately.

Memory tip: Think "S/MIME = Signed Mail in Enterprise" - it's the corporate, certificate-authority-backed standard that pairs directly with RSA, just like SSL/TLS does for the web.

Topics

#Email encryption#S/MIME#RSA algorithm#Hybrid cryptography

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice