nerdexam
(ISC)2

CISSP · Question #1423

In order to provide dual assurance in a digital signature system, the design MUST include which of the following?

The correct answer is C. The hash of the signed document must be present.. Dual assurance in a digital signature system requires both integrity verification and non-repudiation, which is achieved by including a hash of the signed document.

Submitted by khalil_dz· Mar 5, 2026Security Architecture and Engineering

Question

In order to provide dual assurance in a digital signature system, the design MUST include which of the following?

Options

  • AThe public key must be unique for the signed document.
  • Bsignature process must generate adequate authentication credentials.
  • CThe hash of the signed document must be present.
  • DThe encrypted private key must be provided in the signing certificate.

How the community answered

(50 responses)
  • A
    6% (3)
  • B
    12% (6)
  • C
    80% (40)
  • D
    2% (1)

Why each option

Dual assurance in a digital signature system requires both integrity verification and non-repudiation, which is achieved by including a hash of the signed document.

AThe public key must be unique for the signed document.

Public keys are not unique per document; a single public/private key pair is reused across many signing operations, so uniqueness per document is not a design requirement for dual assurance.

Bsignature process must generate adequate authentication credentials.

Generating 'adequate authentication credentials' is vague and describes authentication generally, not the specific cryptographic mechanism (hashing + asymmetric encryption) that provides both integrity and non-repudiation in a digital signature scheme.

CThe hash of the signed document must be present.Correct

Including the hash of the signed document provides dual assurance by ensuring both integrity (the document has not been altered since signing, as any change produces a different hash) and authenticity/non-repudiation (the hash is encrypted with the signer's private key, proving origin). Without the hash, the signature cannot cryptographically bind the signer's identity to the specific content of the document, eliminating both guarantees simultaneously.

DThe encrypted private key must be provided in the signing certificate.

Private keys must remain secret and are never embedded or provided within a signing certificate; the certificate contains only the public key, and exposing the private key would completely compromise the security of the signature system.

Concept tested: Digital signature integrity and non-repudiation via hashing

Source: https://learn.microsoft.com/en-us/windows/win32/seccrypto/digital-signatures

Topics

#digital signature#hashing#non-repudiation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice