nerdexam
(ISC)2

CISSP · Question #588

Which of the following encryption types is used in Hash Message Authentication Code (HMAC) for key distribution?

The correct answer is A. Symmetric. HMAC uses symmetric encryption for key distribution, where the same shared secret key is used by both the sender and receiver to generate and verify the message authentication code.

Submitted by jakub_pl· Mar 5, 2026Security Architecture and Engineering

Question

Which of the following encryption types is used in Hash Message Authentication Code (HMAC) for key distribution?

Options

  • ASymmetric
  • BAsymmetric
  • CEphemeral
  • DPermanent

How the community answered

(40 responses)
  • A
    90% (36)
  • B
    3% (1)
  • C
    5% (2)
  • D
    3% (1)

Why each option

HMAC uses symmetric encryption for key distribution, where the same shared secret key is used by both the sender and receiver to generate and verify the message authentication code.

ASymmetricCorrect

HMAC relies on symmetric key cryptography, where a single shared secret key is distributed between communicating parties and used in conjunction with a hash function (such as SHA-256 or MD5) to produce the authentication code. Both the sender and receiver must possess the same key to compute and validate the HMAC, which is the defining characteristic of symmetric encryption.

BAsymmetric

Asymmetric encryption uses a public/private key pair and is not used in HMAC; HMAC specifically requires a single shared secret key held by both parties, not separate keys for encryption and decryption.

CEphemeral

Ephemeral refers to temporary keys generated for a single session (commonly in Diffie-Hellman key exchange), which describes a key lifecycle property rather than an encryption type used in HMAC.

DPermanent

Permanent is not a recognized encryption type in cryptography; it describes key longevity rather than any encryption algorithm or method used in HMAC operations.

Concept tested: HMAC symmetric key usage in authentication

Source: https://learn.microsoft.com/en-us/dotnet/standard/security/ensuring-data-integrity-with-hash-codes

Topics

#HMAC#Symmetric encryption#Cryptographic primitives

Community Discussion

No community discussion yet for this question.

Full CISSP Practice