CISSP · Question #910
What is the MOST significant benefit of an application upgrade that replaces randomly generated session keys with certificate based encryption for communications with backend servers?
The correct answer is A. Non-repudiation. Non-Repudiation via Certificate-Based Encryption Non-repudiation (A) is the most significant benefit because certificates are tied to verified identities - when a server communicates using a certificate, it cryptographically proves who sent the message, meaning neither party can
Question
Options
- ANon-repudiation
- BEfficiency
- CConfidentially
- DPrivacy
How the community answered
(20 responses)- A55% (11)
- B15% (3)
- C5% (1)
- D25% (5)
Explanation
Non-Repudiation via Certificate-Based Encryption
Non-repudiation (A) is the most significant benefit because certificates are tied to verified identities - when a server communicates using a certificate, it cryptographically proves who sent the message, meaning neither party can deny their participation in the transaction. Random session keys provide no identity binding, so you can't prove which server you were talking to, whereas certificates create an auditable, tamper-proof record of authenticated communications.
Why the distractors fall short:
- Efficiency (B) is actually worse with certificates - asymmetric certificate-based encryption is computationally heavier than symmetric random session keys
- Confidentiality (C) was already present with randomly generated session keys, so this isn't a new benefit introduced by the upgrade
- Privacy (D) is largely synonymous with confidentiality in this context and suffers the same reasoning - encryption existed before the upgrade
Memory Tip: Think of certificates like a signed legal contract - both parties have their identity stamped and verified, so no one can say "that wasn't me." Random keys are like an anonymous handshake - secure in transit, but unidentifiable. Whenever you see identity + accountability, think non-repudiation.
Topics
Community Discussion
No community discussion yet for this question.