CISA Exam-Testing Concept-Asymmetric Encryption (Domain-5)

Domain-5

Testing Concept-Asymmetric Encryption

Hemang Doshi

CISA, ACA, DISA, FIII

Details about this E-Book:

The objective of this e-book is to ensure that CISA candidates gain adequate knowledge of the concept of ‘Asymmetric Encryption’. Concepts have been simplified for easy reference by CISA candidates.

Questions, Answers and Explanations (QAE) on the concept are designed in accordance with the CISA exam pattern.

Symmetric Encryption vis-a-vis Asymmetric Encryption

Accessibility of Keys-Asymmetric Encryption

Public key: freely distributed and accessible to everyone.

Private key: accessible only to its owner.

Use of key when objective is to maintain Confidentiality

In any given scenario, when the objective is to ensure ‘confidentiality’, the message has to be encrypted using the receiver’s public key.

Use of key when objective is to ensure Authentication/Non-repudiation

In any given scenario, when the objective is to ensure ‘authentication’, a hash (message digest) of the message has to be created and the hash encrypted using the sender’s private key.

Use of key when objective is to ensure Integrity

In any given scenario, when the objective is to ensure ‘integrity’, a HASH of the message has to be created and the HASH encrypted using the sender’s private key. Please note that the hash is also known as the message digest.

Use of keys when objective is to ensure Confidentiality & Authentication

In any given scenario, when the objective is to ensure ‘confidentiality & authentication’, the following treatment is required:

- Hash of the message to be encrypted using the sender’s private key (to ensure authentication/non-repudiation)

- Message to be encrypted using the receiver’s public key (to ensure confidentiality)

Use of keys when objective is to ensure Confidentiality & Authentication & Integrity

In any given scenario, when the objective is to ensure ‘confidentiality & authentication & integrity’, the following treatment is required:

- Message to be encrypted using the receiver’s public key (to ensure confidentiality)

- Hash of the message to be encrypted using the sender’s private key (to ensure authentication/non-repudiation and integrity)

Point to remember for CISA exam:

(1) In any given scenario, when the objective is to ensure ‘confidentiality’, the message has to be encrypted using the receiver’s public key.

(2) In any given scenario, when the objective is to ensure ‘authentication’, a HASH of the message has to be created and the HASH encrypted using the sender’s private key. Please note that the hash is also known as the message digest.

(3) In any given scenario, when the objective is to ensure ‘integrity’, a HASH of the message has to be created and the HASH encrypted using the sender’s private key. Please note that the hash is also known as the message digest.

(4) In any given scenario, when the objective is to ensure ‘confidentiality & authentication’, the following treatment is required:

- Hash of the message to be encrypted using the sender’s private key (to ensure authentication/non-repudiation)

- Message to be encrypted using the receiver’s public key (to ensure confidentiality)

(5) In any given scenario, when the objective is to ensure ‘confidentiality & authentication & integrity’, the following treatment is required:

- Message to be encrypted using the receiver’s public key (to ensure confidentiality)

- Hash of the message to be encrypted using the sender’s private key (to ensure authentication/non-repudiation and integrity)

(6) Below table summarizes the above provisions:

Objective                                      Key to be used
Confidentiality                                Message encrypted with the receiver’s public key
Authentication / Non-repudiation               Hash of the message encrypted with the sender’s private key
Integrity                                      Hash of the message encrypted with the sender’s private key
Confidentiality & Authentication               Hash encrypted with the sender’s private key; message encrypted with the receiver’s public key
Confidentiality & Authentication & Integrity   Message encrypted with the receiver’s public key; hash encrypted with the sender’s private key

Question, Answer & Explanation on ‘Asymmetric Encryption’ Concept:

The QAE below are solely on the above-mentioned concept. Questions have been designed as per the CISA exam pattern. Candidates are advised to attempt the questions below multiple times, with more emphasis on the explanation part for better understanding.

In public key encryption (asymmetric encryption) to secure message confidentiality:

A. encryption is done by private key and decryption is done by public key.

B. encryption is done by public key and decryption is done by private key.

C. both the key used to encrypt and decrypt the data are public.

D. both the key used to encrypt and decrypt the data are private.

 

Answer: B. encryption is done by public key and decryption is done by private key.

 

Explanation:

In any given scenario, when the objective is to ensure ‘confidentiality’, the message has to be encrypted using the receiver’s public key and decrypted using the receiver’s private key.

Option-wise explanation is given below:

A. Encryption is done by private key and decryption is done by public key (the public key is easily accessible to everyone, hence confidentiality cannot be ensured).

B. Encryption is done by public key and decryption is done by private key (the private key is accessible only to its owner, and this ensures confidentiality).

C. Both the keys used to encrypt and decrypt the data are public (anything encrypted with a public key can be decrypted only with the corresponding private key).

D. Both the keys used to encrypt and decrypt the data are private (anything encrypted with a private key can be decrypted only with the corresponding public key).

In public key encryption (asymmetric encryption) to authenticate the sender of the message:

A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

B. hash of the message to be encrypted by sender’s public key and decryption is done by sender’s private key.

C. hash of the message to be encrypted by receiver’s private key and decryption is done by receiver’s public key.

D. hash of the message to be encrypted by receiver’s public key and decryption is done by receiver’s private key.

 

Answer: A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

 

Explanation:

In any given scenario, when the objective is to ensure ‘authentication’, a hash (message digest) of the message has to be created and the hash encrypted using the sender’s private key and decrypted using the sender’s public key.

Option-wise explanation is given below:

A. Hash of the message encrypted by the sender’s private key and decrypted by the sender’s public key (to ensure authentication, the sender must have something unique that is not accessible to anyone else; the sender’s private key is available only to the sender, and this ensures authentication).

B. Hash of the message encrypted by the sender’s public key and decrypted by the sender’s private key (the sender’s public key is available publicly and hence cannot ensure authentication).

C. Hash of the message encrypted by the receiver’s private key and decrypted by the receiver’s public key (the sender will not have access to the receiver’s private key).

D. Hash of the message encrypted by the receiver’s public key and decrypted by the receiver’s private key (the receiver’s public key is available publicly and hence cannot ensure authentication).

In public key encryption (asymmetric encryption) to ensure integrity of the message:

A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

B. hash of the message to be encrypted by sender’s public key and decryption is done by sender’s private key.

C. hash of the message to be encrypted by receiver’s private key and decryption is done by receiver’s public key.

D. hash of the message to be encrypted by receiver’s public key and decryption is done by receiver’s private key.

 

Answer: A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

 

Explanation:

In any given scenario, when the objective is to ensure ‘integrity of the message’, a hash (message digest) of the message has to be created and the hash encrypted using the sender’s private key. The sender will send (i) the message and (ii) the encrypted hash to the receiver.

The receiver will (i) decrypt the received hash using the sender’s public key and (ii) re-compute the hash of the message; if the two hashes are equal, it proves that the message has not been tampered with.

Which of the following ensures confidentiality of the message & also authenticity of the sender of the message?

 

A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key.

B. Encrypting the hash of message with the sender’s private key and thereafter encrypting the message with the receiver’s private key.

C. Encrypting the hash of the message with the receiver’s public key and thereafter encrypting the message with the sender’s private key.

D. Encrypting the hash of the message with the receiver’s public key and thereafter encrypting the message with the sender’s public key.

 

Answer: A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key.

 

Explanation:

In the above question, the objective is to ensure confidentiality & authenticity. In any given scenario, when the objective is to ensure ‘confidentiality & authentication’, the following treatment is required:

- Hash of the message to be encrypted using the sender’s private key (to ensure authentication/non-repudiation).

- Message to be encrypted using the receiver’s public key (to ensure confidentiality).

Encryption of the hash of the message with the sender’s private key proves that the sender himself sent the message, as his private key can be accessed by him only.

Encryption of the message using the receiver’s public key ensures confidentiality, as only the receiver can decrypt the message using his private key.

Message authenticity and confidentiality is BEST achieved by encrypting hash of the message using the:

 

A. sender’s private key and encrypting the message using the receiver’s public key.

B. sender’s public key and encrypting the message using the receiver’s private key.

C. receiver’s private key and encrypting the message using the sender’s public key.

D. receiver’s public key and encrypting the message using the sender’s private key.

 

Answer: A. sender’s private key and encrypting the message using the receiver’s public key.

 

Explanation:

In the above question, the objective is to ensure confidentiality & authenticity. In any given scenario, when the objective is to ensure ‘confidentiality & authentication’, the following treatment is required:

- Hash of the message to be encrypted using the sender’s private key (to ensure authentication/non-repudiation)

- Message to be encrypted using the receiver’s public key (to ensure confidentiality)

Encryption of the hash of the message with the sender’s private key proves that the sender himself sent the message, as his private key can be accessed by him only.

Encryption of the message using the receiver’s public key ensures confidentiality, as only the receiver can decrypt the message using his private key.

The greatest assurance of e-mail authenticity is provided by which of the following?

 

A. The prehash code is encrypted using sender’s public key.

B. The prehash code is encrypted using the sender’s private key.

C. The prehash code is encrypted using the receiver’s public key.

D. The prehash code is encrypted using the receiver’s private key.

 

Answer: B. The prehash code is encrypted using the sender’s private key.

 

Explanation:

In the above question, the objective is to ensure authenticity. In any given scenario, when the objective is to ensure ‘authentication’, (i) a HASH of the message has to be created and (ii) the HASH encrypted using the sender’s private key.

Encryption of the hash of the message with the sender’s private key proves that the sender himself sent the message, as his private key can be accessed by him only.

A message and its message hash are encrypted with the sender’s private key. This will ensure:

A. authenticity and integrity.

B. authenticity and confidentiality.

C. integrity and privacy.

D. confidentiality and non-repudiation.

 

Answer: A. authenticity and integrity.

 

Explanation:

In any given scenario, when the objective is to ensure ‘authentication & integrity’, a hash (message digest) of the message has to be created and the hash encrypted using the sender’s private key. The sender will send (i) the message and (ii) the encrypted hash to the receiver.

The receiver will (i) decrypt the received hash using the sender’s public key and (ii) re-compute the hash of the message; if the two hashes are equal, it proves that the message has not been tampered with.

A stock broking firm sends invoices to clients through e-mail and wants reasonable assurance that no one has modified the invoice. This objective can be achieved by:

 

A. encrypting the hash of the invoice using the firm’s private key.

B. encrypting the hash of the invoice using the firm’s public key.

C. encrypting the invoice using the firm’s private key.

D. encrypting the invoice using the firm’s public key.

 

Answer: A. encrypting the hash of the invoice using the firm’s private key.

 

Explanation:

In the above question, the objective is to ensure the integrity of invoices. In any given scenario, when the objective is to ensure ‘integrity’, a HASH (message digest) of the message has to be created and the HASH encrypted using the sender’s private key.

Clients can open the invoice, re-compute the hash, decrypt the received hash using the firm’s public key and, if the two hashes are equal, the invoice was not modified in transit.

A commercial website uses asymmetric encryption where the server holds one private key and the corresponding public key is made available to the customers. This ensures:

 

A. authenticity of the customer.

B. authenticity of the website.

C. confidentiality of messages from the website hosting organization to customer.

D. non-repudiation from the customer.

 

Answer: B. authenticity of the website.

 

Explanation:

If the customer is able to decrypt the message using the public key of the website, it ensures that the message has been sent by the authentic website. A false site will not be able to encrypt using the private key of the real site, so the customer would not be able to decrypt its messages using the public key.

The public key is widely distributed, hence the authenticity of the customer cannot be ensured.

Also, confidentiality of messages cannot be ensured, as many people have access to the public key and can decrypt the messages from the hosting website.

Which of the following options increases the cost of cryptography?

 

A. Use of symmetric technique rather than asymmetric.

B. Use of long asymmetric key rather than short.

C. Only hash is encrypted rather than full message.

D. Use of short asymmetric key rather than long.

 

Answer: B. Use of long asymmetric key rather than short.

 

Explanation:

A. Use of symmetric technique rather than asymmetric: this will actually decrease the cost. Symmetric technique is faster and less expensive compared to asymmetric technique.

B. Use of long asymmetric key rather than short: computer processing time increases for longer asymmetric encryption keys, and the cost associated with it increases as well.

C. Only hash is encrypted rather than full message: a hash is shorter than the original message; hence, less overhead is required if the hash is encrypted rather than the message.

D. Use of short asymmetric key rather than long: this will decrease the cost.

Encryption of which of the following is considered an efficient use of PKI?

 

A. sender’s private key

B. sender’s public key

C. entire message

D. symmetric session key

 

Answer: D. symmetric session key

 

Explanation:

The best use of PKI is to combine the best features of symmetric and asymmetric encryption techniques. Asymmetric encryption involves intensive and time-consuming computations. In comparison, symmetric encryption is considerably faster, yet faces the challenge of sharing the symmetric key with the other party. To enjoy the benefits of both systems, the following process is used:

- Generate a symmetric session key and encrypt the (long) message with it, using the fast symmetric technique.

- Encrypt the symmetric session key using the receiver’s public key, so that only the receiver can recover it with his private key.

- The receiver decrypts the session key with his private key and then decrypts the message with the session key.

When the objective is to ensure message integrity, confidentiality and non-repudiation, the MOST effective method would be to create a message digest and encrypt the message digest:

 

A. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the receiver’s public key.

B. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the receiver’s private key.

C. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the sender’s private key.

D. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the sender’s public key.

 

Answer: A. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the receiver’s public key.

 

Explanation:

The above question is based on the concept of combining the best features of symmetric and asymmetric encryption techniques. Following are the steps:

- Create a message digest (hash) of the message and encrypt it using the sender’s private key (integrity and non-repudiation).

- Encrypt the message with a symmetric session key (confidentiality, with fast symmetric processing).

- Encrypt the symmetric session key using the receiver’s public key, so that only the receiver can recover it.

The same process is involved in a digital envelope.

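The key-usage rules summarized in points (1) to (5), the receiver-side hash comparison described in the integrity questions, and the session-key process behind the digital envelope, worked through as one added example. This code is not from the e-book or its author. It uses only the Python standard library: textbook RSA with no padding, built on two publicly known Mersenne primes per party so that it runs without prime generation, and a SHA-256 keystream as a constructed stand-in for the symmetric cipher. The function names (encrypt_for, decrypt_own, sign, verify, seal, open_envelope) and the sample invoice message are assumptions of this example. The exam's phrase ‘encrypt the hash with the sender's private key’ is the textbook description of a digital signature, which is what sign and verify implement here; real systems use RSA-OAEP for the session key, a padded signature scheme such as RSA-PSS (or an ECDSA/Ed25519 signature) for the hash, and AES for the message body.

```python
"""Which key for which objective, with textbook RSA (added example, toy only).

Constructed for illustration: the primes are publicly known, there is no
padding, and the symmetric cipher is a SHA-256 keystream. None of this is
suitable for real use; it only shows which key each objective requires.
"""
import hashlib
import hmac
import secrets

E = 65537
SENDER_PRIMES = (2**127 - 1, 2**521 - 1)    # constructed: publicly known primes
RECEIVER_PRIMES = (2**107 - 1, 2**607 - 1)  # constructed: publicly known primes


def make_keypair(p, q, e=E):
    """Textbook RSA: public key (e, n), private key (d, n)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


SENDER_PUB, SENDER_PRIV = make_keypair(*SENDER_PRIMES)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(*RECEIVER_PRIMES)


def _to_int(data: bytes, n: int) -> int:
    """Encode bytes as an integer that fits under the modulus."""
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("data too long for this modulus")
    return m


# Rule (1) confidentiality: encrypt with the RECEIVER's public key;
# only the receiver's private key can undo it.
def encrypt_for(receiver_pub, message: bytes) -> int:
    return pow(_to_int(message, receiver_pub[1]), *receiver_pub)


def decrypt_own(receiver_priv, ciphertext: int, length: int) -> bytes:
    return pow(ciphertext, *receiver_priv).to_bytes(length, "big")


# Rules (2) and (3) authentication / integrity: hash the message and
# "encrypt" the hash with the SENDER's private key, i.e. sign it.
def sign(sender_priv, message: bytes) -> int:
    digest = hashlib.sha256(message).digest()
    return pow(_to_int(digest, sender_priv[1]), *sender_priv)


def verify(sender_pub, message: bytes, signature: int) -> bool:
    """Decrypt the hash with the sender's public key, re-hash, compare."""
    recovered = pow(signature, *sender_pub)
    if recovered.bit_length() > 256:  # wrong key or tampered signature
        return False
    expected = hashlib.sha256(message).digest()
    return hmac.compare_digest(recovered.to_bytes(32, "big"), expected)


# Rules (4)/(5) and the digital envelope: sign with the sender's private key,
# encrypt the body with a fresh session key, wrap the session key with the
# receiver's public key.
def toy_stream_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 keystream: a constructed stand-in for AES."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(sender_priv, receiver_pub, message: bytes) -> dict:
    session_key = secrets.token_bytes(32)
    return {
        "body": toy_stream_cipher(session_key, message),
        "wrapped_key": pow(_to_int(session_key, receiver_pub[1]), *receiver_pub),
        "signature": sign(sender_priv, message),
    }


def open_envelope(receiver_priv, sender_pub, envelope: dict) -> bytes:
    session_key = pow(envelope["wrapped_key"], *receiver_priv).to_bytes(32, "big")
    message = toy_stream_cipher(session_key, envelope["body"])
    if not verify(sender_pub, message, envelope["signature"]):
        raise ValueError("signature check failed: sender or integrity not assured")
    return message


if __name__ == "__main__":
    msg = b"Invoice 1042: pay 500"  # constructed sample message
    c = encrypt_for(RECEIVER_PUB, msg)
    print("confidentiality:", decrypt_own(RECEIVER_PRIV, c, len(msg)) == msg)
    sig = sign(SENDER_PRIV, msg)
    print("authentic and intact:", verify(SENDER_PUB, msg, sig))
    print("tampered message detected:", not verify(SENDER_PUB, msg + b"0", sig))
    env = seal(SENDER_PRIV, RECEIVER_PUB, msg)
    print("envelope opened:", open_envelope(RECEIVER_PRIV, SENDER_PUB, env) == msg)
```

Running the block as a script prints one check per rule. The receiver-side behaviour the questions describe is in verify and open_envelope: a changed message, a signature made with someone else's private key, or a tampered envelope body all make the recomputed hash differ from the decrypted one, and open_envelope refuses to hand back the message in that case.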
Other CISA Exam Study Material

Domain 1

Steps of Risk Assessment
https://www.youtube.com/watch?v=F2j8xhPaFTg
https://www.Shakespir.com/books/view/622303

Types of Risk
https://www.youtube.com/watch?v=FvuvARXcjss

Compliance & Substantive Testing
https://youtu.be/3-u2mpIZzW8
https://www.Shakespir.com/books/view/625599

Difference between Inherent Risk & Residual Risk
https://www.youtube.com/watch?v=72kv6yOpXEI

Difference between Vulnerability & Threat
https://www.youtube.com/watch?v=6KxEbth2Ziw

Audit Charter
https://www.youtube.com/watch?v=rbCJ3ceDuso
https://www.Shakespir.com/books/view/633923

COBIT-5
https://youtu.be/WfwjpDdBqr4

Internal Controls
https://youtu.be/RuX2hLnm3vY

Control Self Assessment (CSA)
https://youtu.be/cGcMmt-03as
https://www.Shakespir.com/books/view/658967

Sampling
https://youtu.be/Ynif7SqvkvM
https://www.Shakespir.com/books/view/661847

Domain 2

Outsourcing Functions
https://youtu.be/vQsX6ZQSDXk

IT Strategy Committee & IT Steering Committee
https://youtu.be/Za9VMrSe094

IT Alignment with Business Objectives
https://www.youtube.com/watch?v=FEsP2LXSF9U
https://www.Shakespir.com/books/view/633047

IT Balanced Score Card
https://youtu.be/tvNAvAL9ZIg
https://www.Shakespir.com/books/view/639816

Roles of various functions of IT
https://youtu.be/UMDZrfp1W2Q
https://www.Shakespir.com/books/view/645822

Domain 3

Online Auditing Techniques
https://www.youtube.com/watch?v=HmGFIJlLu-4
https://www.Shakespir.com/books/view/637926

Parity-Checksum-CRC
https://youtu.be/Y14jVvOKqaU
https://www.Shakespir.com/books/view/656262

Check Digit
https://youtu.be/VH2yd3A6bMc
https://www.Shakespir.com/books/view/656262

PERT-CPM-Gantt Chart-FPA-EVA-Timebox
https://youtu.be/zYZYvcr_-3M
https://www.Shakespir.com/books/view/666753

Domain 4

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
https://youtu.be/2rDusGnW9qw
https://www.Shakespir.com/books/view/646456

Alternate Recovery Site
https://youtu.be/jCpcqaazkY4
https://www.Shakespir.com/books/view/647476

Domain 5

Digital Signature
https://youtu.be/_N3jisd1Vis
https://www.Shakespir.com/books/view/648923

Wireless (Wi-Fi) Security
https://youtu.be/csbd_V9PknI
https://www.Shakespir.com/books/view/651918

Firewall Types
https://youtu.be/x650kcv6Mfk
https://www.Shakespir.com/books/view/654726

Firewall Implementation
https://youtu.be/lltKNTdjg4Y
https://www.Shakespir.com/books/view/654726

Logical Access
https://www.Shakespir.com/books/view/630325

Classification of Information Assets
https://youtu.be/z7MwD8_ayCs
https://www.Shakespir.com/books/view/669437


  • ISBN: 9781370008803
  • Author: Hemang Doshi
  • Published: 2016-10-24 18:20:10
  • Words: 2806