CISSP Question #824: Real Exam Question with Answer & Explanation

Question

A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

Options

• APublic Key Infrastructure (PKI) and digital signatures
• BTrusted server certificates and passphrases
• CUser ID and password
• DAsymmetric encryption and User ID

Explanation

For a healthcare provider requiring secure Internet access, PKI with digital signatures provides the most robust, standards-based security framework combining encryption, authentication, and data integrity.

Common mistakes.

• B. Trusted server certificates alone with passphrases only authenticate the server side and rely on a shared secret passphrase, which can be intercepted or brute-forced, providing weaker overall protection than a full PKI implementation.
• C. User ID and password is the weakest option, as credentials can be stolen, guessed, or phished, and this method provides no encryption of data in transit or data integrity verification.
• D. Asymmetric encryption combined with only a User ID (without a password or certificate-based authentication) lacks a complete identity verification mechanism, leaving the authentication component insufficiently secured compared to full PKI.

Concept tested. PKI and digital signatures for secure data protection

Reference. https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows

No community discussion yet for this question.