nerdexam
(ISC)2

CISSP · Question #868

Which of the following is a recommended alternative to an integrated email encryption system?

The correct answer is C. Encrypt sensitive data separately in attachments. When a fully integrated email encryption system is unavailable, encrypting sensitive data separately as an attachment provides equivalent confidentiality protection before transmission.

Submitted by hans_de· Mar 5, 2026Communication and Network Security

Question

Which of the following is a recommended alternative to an integrated email encryption system?

Options

  • ASign emails containing sensitive data
  • BSend sensitive data in separate emails
  • CEncrypt sensitive data separately in attachments
  • DStore sensitive information to be sent in encrypted drives

How the community answered

(51 responses)
  • A
    4% (2)
  • B
    12% (6)
  • C
    75% (38)
  • D
    10% (5)

Why each option

When a fully integrated email encryption system is unavailable, encrypting sensitive data separately as an attachment provides equivalent confidentiality protection before transmission.

ASign emails containing sensitive data

Digitally signing emails provides authenticity and integrity verification but does not encrypt the content, meaning sensitive data remains readable to anyone who intercepts the message.

BSend sensitive data in separate emails

Splitting sensitive data across separate emails does not apply any encryption or access control, so the data is still transmitted in plaintext and remains equally vulnerable to interception.

CEncrypt sensitive data separately in attachmentsCorrect

Encrypting sensitive data separately in attachments (e.g., using tools like 7-Zip with AES-256 or PGP-encrypted files) ensures the data itself is protected regardless of the email transport layer. This approach mirrors the confidentiality goal of integrated email encryption by making the payload unreadable to unauthorized parties even if the email is intercepted. It is a widely recognized compensating control when end-to-end email encryption infrastructure is not in place.

DStore sensitive information to be sent in encrypted drives

Storing information on encrypted drives addresses data-at-rest protection but does not provide a mechanism for securely transmitting that data via email, making it an unrelated control for the email transmission threat.

Concept tested: Alternative controls for email data confidentiality

Source: https://learn.microsoft.com/en-us/purview/email-encryption

Topics

#email encryption#data security#attachments#sensitive data handling

Community Discussion

No community discussion yet for this question.

Full CISSP Practice