
**Details about this E-Book:**

The objective of this e-book is to ensure that CISA candidates get adequate knowledge of the concept of ‘Asymmetric Encryption’. Concepts have been simplified for easy reference by CISA candidates.

Questions, Answers and Explanation (QAE) on the concept are designed in accordance with the CISA exam pattern.

**Use of key when objective is to maintain Confidentiality**

In any given scenario, when objective is to ensure ‘confidentiality’, message has to be encrypted using receiver’s public key.

**Use of key when objective is to ensure Authentication/Non-repudiation**

In any given scenario, when objective is to ensure ‘authentication’, hash (message digest) of the message has to be created and hash to be encrypted using sender’s private key.

**Use of key when objective is to ensure Integrity**

In any given scenario, when objective is to ensure ‘integrity’, HASH of the message has to be created and HASH to be encrypted using sender’s private key. Please note that hash is also known as message digest.

In any given scenario, when objective is to ensure ‘confidentiality & authentication’, following treatment is required:

-Hash of the message to be encrypted using sender’s private key (to ensure authentication/non-repudiation)

-Message to be encrypted using receiver’s public key (to ensure confidentiality)

In any given scenario, when objective is to ensure ‘confidentiality & authentication & integrity’, following treatment is required:

-Message to be encrypted using receiver’s public key (to ensure confidentiality)

-Hash of the message to be encrypted using sender’s private key (to ensure authentication/non-repudiation and integrity)

(1)In any given scenario, when objective is to ensure ‘confidentiality’, message has to be encrypted using receiver’s public key.

(2)In any given scenario, when objective is to ensure ‘authentication’, HASH of the message has to be created and HASH to be encrypted using sender’s private key. Please note that hash is also known as message digest.

(3)In any given scenario, when objective is to ensure ‘integrity’, HASH of the message has to be created and HASH to be encrypted using sender’s private key. Please note that hash is also known as message digest.

(4)In any given scenario, when objective is to ensure ‘confidentiality & authentication’, following treatment is required:

-Hash of the message to be encrypted using sender’s private key (to ensure authentication/non-repudiation)

-Message to be encrypted using receiver’s public key (to ensure confidentiality)

(5)In any given scenario, when objective is to ensure ‘confidentiality & authentication & integrity’, following treatment is required:

-Message to be encrypted using receiver’s public key (to ensure confidentiality)

-Hash of the message to be encrypted using sender’s private key (to ensure authentication/non-repudiation and integrity)

(6)Below table summarizes the above provisions:

The QAE below are solely on the above-mentioned concept. Questions have been designed as per the CISA exam pattern. Candidates are advised to attempt the questions below multiple times. More emphasis should be given to the explanation part for better understanding.

**In public key encryption (asymmetric encryption) to secure message confidentiality:**

A. encryption is done by private key and decryption is done by public key.

B. encryption is done by public key and decryption is done by private key.

C. both the keys used to encrypt and decrypt the data are public.

D. both the keys used to encrypt and decrypt the data are private.

Answer: B. encryption is done by public key and decryption is done by private key.

Explanation:

In any given scenario, when objective is to ensure ‘confidentiality’, message has to be encrypted using receiver’s public key and decrypted using receiver’s private key.

Option-wise explanation is given as below:

A. encryption is done by private key and decryption is done by public key (public is easily accessible by everyone and hence confidentiality cannot be ensured).

B. encryption is done by public key and decryption is done by private key (private key is accessible only with owner and this ensures confidentiality).

C. both the keys used to encrypt and decrypt the data are public. (anything encrypted by public key can be decrypted only by corresponding private key).

D. both the keys used to encrypt and decrypt the data are private. (anything encrypted by private key can be decrypted only by corresponding public key).

**In public key encryption (asymmetric encryption) to authenticate the sender of the message:**

A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

B. hash of the message to be encrypted by sender’s public key and decryption is done by sender’s private key.

C. hash of the message to be encrypted by receiver’s private key and decryption is done by receiver’s public key.

D. hash of the message to be encrypted by receiver’s public key and decryption is done by receiver’s private key.

Answer: A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

Explanation:

In any given scenario, when objective is to ensure ‘authentication’, hash (message digest) of the message has to be created and hash to be encrypted using sender’s private key and decrypted using sender’s public key.

Option-wise explanation is given as below:

A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key (to ensure authentication, sender should have something unique which is not accessible by anyone else. Sender’s private key is available only with sender and this ensures authentication).

B. hash of the message to be encrypted by sender’s public key and decryption is done by sender’s private key. (to ensure authentication, sender should have something unique which is not accessible by anyone else. Sender’s public key is available publicly and hence cannot ensure authentication).

C. hash of the message to be encrypted by receiver’s private key and decryption is done by receiver’s public key.(sender will not have access to receiver’s private key).

D. hash of the message to be encrypted by receiver’s public key and decryption is done by receiver’s private key. (to ensure authentication, sender should have something unique which is not accessible by anyone else. Receiver’s public key is available publicly and hence cannot ensure authentication).

**In public key encryption (asymmetric encryption) to ensure integrity of the message:**

A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

B. hash of the message to be encrypted by sender’s public key and decryption is done by sender’s private key.

C. hash of the message to be encrypted by receiver’s private key and decryption is done by receiver’s public key.

D. hash of the message to be encrypted by receiver’s public key and decryption is done by receiver’s private key.

Answer: A. hash of the message to be encrypted by sender’s private key and decryption is done by sender’s public key.

Explanation:

In any given scenario, when objective is to ensure ‘integrity of the message’, hash (message digest) of the message has to be created and hash to be encrypted using sender’s private key. Sender will send (i) message and (ii) encrypted hash to receiver.

Receiver will (i) decrypt the received hash by using public key of sender and (ii) re-compute the hash of the message and if the two hashes are equal, then it proves that message integrity is not tampered with.

**Which of the following ensures confidentiality of the message & also authenticity of the sender of the message?**

A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key.

B. Encrypting the hash of message with the sender’s private key and thereafter encrypting the message with the receiver’s private key.

C. Encrypting the hash of the message with the receiver’s public key and thereafter encrypting the message with the sender’s private key.

D. Encrypting the hash of the message with the receiver’s public key and thereafter encrypting the message with the sender’s public key.

Answer: A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key.

Explanation:

In the above question, objective is to ensure confidentiality & authenticity. In any given scenario, when objective is to ensure ‘confidentiality & authentication’, following treatment is required:

-Hash of the message to be encrypted using sender’s private key (to ensure authentication/non-repudiation).

-Message to be encrypted using receiver’s public key (to ensure confidentiality).

Encryption of hash of the message by sender’s private key proves that sender himself is the sender of the message as his private key can be accessed by him only.

Encryption of the message using receiver’s public key ensures confidentiality as only receiver can decrypt the message using his private key.

**Message authenticity and confidentiality is BEST achieved by encrypting hash of the message using the:**

A. sender’s private key and encrypting the message using the receiver’s public key.

B. sender’s public key and encrypting the message using the receiver’s private key.

C. receiver’s private key and encrypting the message using the sender’s public key.

D. receiver’s public key and encrypting the message using the sender’s private key.

Answer: A. sender’s private key and encrypting the message using the receiver’s public key.

Explanation:

In the above question, objective is to ensure confidentiality & authenticity. In any given scenario, when objective is to ensure ‘confidentiality & authentication’, following treatment is required:

-Hash of the message to be encrypted using sender’s private key (to ensure authentication/non-repudiation)

-Message to be encrypted using receiver’s public key (to ensure confidentiality)

Encryption of hash of the message by sender’s private key proves that sender himself is the sender of the message as his private key can be accessed by him only.

Encryption of the message using receiver’s public key ensures confidentiality as only receiver can decrypt the message using his private key.

**Greatest assurance about E-mail authenticity can be ensured by which of the following?**

A. The prehash code is encrypted using sender’s public key.

B. The prehash code is encrypted using the sender’s private key.

C. The prehash code is encrypted using the receiver’s public key.

D. The prehash code is encrypted using the receiver’s private key.

Answer: B. The prehash code is encrypted using the sender’s private key.

Explanation:

In the above question, objective is to ensure authenticity. In any given scenario, when objective is to ensure ‘authentication’, (i)HASH of the message has to be created and (ii)HASH to be encrypted using sender’s private key.

Encryption of hash of the message by sender’s private key proves that sender himself is the sender of the message as his private key can be accessed by him only.

**A message and message hash is encrypted by the sender’s private key. This will ensure:**

A. authenticity and integrity.

B. authenticity and confidentiality.

C. integrity and privacy.

D. confidentiality and non-repudiation.

Answer: A. authenticity and integrity.

Explanation:

In any given scenario, when objective is to ensure ‘authentication & integrity’, hash (message digest) of the message has to be created and hash to be encrypted using sender’s private key. Sender will send (i) message and (ii) encrypted hash to receiver.

Receiver will (i) decrypt the received hash by using public key of sender and (ii) re-compute the hash of the message and if the two hashes are equal, then it proves that message integrity is not tampered with.

**A stock broking firm sends invoices to clients through email and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:**

A. encrypting the hash of the invoice using the firm’s private key.

B. encrypting the hash of the invoice using the firm’s public key.

C. encrypting invoice using firm’s private key.

D. encrypting invoice using firm’s public key.

Answer: A. encrypting the hash of the invoice using the firm’s private key.

Explanation:

In the above question, objective is to ensure integrity of invoices. In any given scenario, when objective is to ensure ‘integrity’, HASH (message digest) of the message has to be created and HASH to be encrypted using sender’s private key.

Clients can open the invoice, re-compute the hash, decrypt the received hash using the firm’s public key and, if the two hashes are equal, the invoice was not modified in transit.

**A commercial website uses asymmetric encryption where there is one private key for the server and corresponding public key is made available to the customers. This ensures:**

A. authenticity of the customer.

B. authenticity of the website.

C. confidentiality of messages from the website hosting organization to customer.

D. Non-repudiation from customer.

Answer: B. authenticity of the website.

Explanation:

If the customer is able to decrypt the message using the public key of the website, then it ensures that the message has been sent from the authentic website. Any false site will not be able to encrypt using the private key of the real site, so the customer would not be able to decrypt the message using the public key.

Public key is widely distributed and hence authenticity of customer cannot be ensured.

Also, confidentiality of messages cannot be ensured, as many people have access to the public key and can decrypt the messages from the hosting website.

**Which of the following options increases the cost of cryptography?**

A. Use of symmetric technique rather than asymmetric.

B. Use of long asymmetric key rather than short.

C. Only hash is encrypted rather than full message.

D. Use of short asymmetric key rather than long.

Answer: B. Use of long asymmetric key rather than short.

Explanation:

A. Use of symmetric technique rather than asymmetric-This will actually decrease the cost. Symmetric technique is faster and inexpensive as compared to asymmetric technique.

B. Use of long asymmetric key rather than short- Computer processing time is increased for longer asymmetric encryption keys and also cost associated with the same will increase.

C. Only hash is encrypted rather than full message- A hash is shorter than the original message; hence, a smaller overhead is required if the hash is encrypted rather than the message.

D. Use of short asymmetric key rather than long-This will decrease the cost.

**Encryption of which of the following can be considered as an efficient use of PKI:**

A. sender’s private key

B. sender’s public key

C. entire message

D. symmetric session key

Answer: D. symmetric session key

Explanation:

Best use of PKI is to combine the best features of symmetric as well as asymmetric encryption techniques. Asymmetric encryption involves intensive and time-consuming computations. In comparison, symmetric encryption is considerably faster, yet faces the challenge of sharing the symmetric key with the other party. To enjoy the benefits of both systems, following process is used:

**When objective is to ensure message integrity, confidentiality and non-repudiation, the MOST effective method would be to create a message digest and encrypt the message digest:**

A. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the receiver’s public key.

B. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the receiver’s private key.

C. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the sender’s private key.

D. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the sender’s public key.

Answer: A. using the sender’s private key, encrypting the message with a symmetric key and encrypting the symmetric key by using the receiver’s public key.

Explanation:

The above question is based on the concept of combining the best features of symmetric as well as asymmetric encryption techniques. Following are the steps:

Same process is involved in digital envelope.



- ISBN: 9781370008803
- Author: Hemang Doshi
- Published: 2016-10-24 18:20:10
- Words: 2806