CISSP · Question #694
Which of the following is considered the PRIMARY security issue associated with encrypted e- mail messages?
The correct answer is A. Key distribution. The primary security challenge with encrypted email is securely distributing and managing the cryptographic keys used to encrypt and decrypt messages. Without a reliable key distribution mechanism, recipients cannot decrypt messages and keys can be intercepted or mismanaged.
Question
Options
- AKey distribution
- BStoring attachments in centralized repositories
- CScanning for viruses and other malware
- DGreater costs associated for backups and restores
How the community answered
(59 responses)- A93% (55)
- B3% (2)
- C2% (1)
- D2% (1)
Why each option
The primary security challenge with encrypted email is securely distributing and managing the cryptographic keys used to encrypt and decrypt messages. Without a reliable key distribution mechanism, recipients cannot decrypt messages and keys can be intercepted or mismanaged.
Key distribution is the fundamental security problem in any encryption system: both sender and recipient must securely exchange or obtain cryptographic keys without exposing them to unauthorized parties. If keys are intercepted during distribution, the entire confidentiality of the encrypted email is compromised. Public Key Infrastructure (PKI) and key management systems exist specifically to address this challenge, underscoring it as the primary security concern.
Storing attachments in centralized repositories is an operational or data management concern, not a primary security issue specific to encrypted email encryption itself.
While scanning encrypted messages for malware is a practical challenge (since encryption prevents gateway scanning), this is a secondary operational issue rather than the primary security concern inherent to email encryption design.
Greater costs for backups and restores is a financial and administrative consideration unrelated to the core security properties or vulnerabilities of encrypted email systems.
Concept tested: Primary security challenge of encrypted email key management
Source: https://learn.microsoft.com/en-us/microsoft-365/compliance/email-encryption?view=o365-worldwide
Topics
Community Discussion
No community discussion yet for this question.