CISSP · Question #868
Which of the following is a recommended alternative to an integrated email encryption system?
The correct answer is C. Encrypt sensitive data separately in attachments. When a fully integrated email encryption system is unavailable, encrypting sensitive data separately as an attachment provides equivalent confidentiality protection before transmission.
Question
Which of the following is a recommended alternative to an integrated email encryption system?
Options
- ASign emails containing sensitive data
- BSend sensitive data in separate emails
- CEncrypt sensitive data separately in attachments
- DStore sensitive information to be sent in encrypted drives
How the community answered
(51 responses)- A4% (2)
- B12% (6)
- C75% (38)
- D10% (5)
Why each option
When a fully integrated email encryption system is unavailable, encrypting sensitive data separately as an attachment provides equivalent confidentiality protection before transmission.
Digitally signing emails provides authenticity and integrity verification but does not encrypt the content, meaning sensitive data remains readable to anyone who intercepts the message.
Splitting sensitive data across separate emails does not apply any encryption or access control, so the data is still transmitted in plaintext and remains equally vulnerable to interception.
Encrypting sensitive data separately in attachments (e.g., using tools like 7-Zip with AES-256 or PGP-encrypted files) ensures the data itself is protected regardless of the email transport layer. This approach mirrors the confidentiality goal of integrated email encryption by making the payload unreadable to unauthorized parties even if the email is intercepted. It is a widely recognized compensating control when end-to-end email encryption infrastructure is not in place.
Storing information on encrypted drives addresses data-at-rest protection but does not provide a mechanism for securely transmitting that data via email, making it an unrelated control for the email transmission threat.
Concept tested: Alternative controls for email data confidentiality
Source: https://learn.microsoft.com/en-us/purview/email-encryption
Topics
Community Discussion
No community discussion yet for this question.