
ISC2 SSCP Exam - Topic 3 Question 84 Discussion

Actual exam question for ISC2's SSCP exam
Question #: 84
Topic #: 3

Which one of the following is used to provide authentication and confidentiality for e-mail messages?

Suggested Answer: B

Instead of using a Certificate Authority, PGP uses a 'Web of Trust', where users can certify each other in a mesh model, which is best applied to smaller groups.

In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). The web of trust concept was first put forth by PGP creator Phil Zimmermann in 1992 in the manual for PGP version 2.0.

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.

As per Shon Harris's book:

Pretty Good Privacy (PGP) was designed by Phil Zimmermann as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program. PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and use IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different types of algorithms for these functions. PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using the public key certificates, and nonrepudiation by using cryptographically signed messages. PGP initially used its own type of digital certificates rather than what is used in PKI, but they both have similar purposes. Today PGP supports X.509 V3 digital certificates.

Reference(s) used for this question:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 169).

Shon Harris, CISSP All in One book

https://en.wikipedia.org/wiki/Pretty_Good_Privacy

TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.


Contribute your Thoughts:

Colby
4 months ago
IPSEC AH is more for network security, not email.
upvoted 0 times
...
Abraham
4 months ago
Wait, MD4? Isn’t that outdated?
upvoted 0 times
...
Dorothy
4 months ago
I thought digital signatures were enough for this?
upvoted 0 times
...
Burma
4 months ago
Definitely B, it covers both authentication and confidentiality.
upvoted 0 times
...
Lizette
5 months ago
PGP is the go-to for email security!
upvoted 0 times
...
Dana
5 months ago
I’m a bit confused about IPSEC AH; I thought it was more for securing network traffic rather than email specifically.
upvoted 0 times
...
Kati
5 months ago
I feel like I’ve seen a question like this before, and PGP was definitely the answer.
upvoted 0 times
...
Flo
5 months ago
I remember studying digital signatures, but I don’t think they provide confidentiality, just authentication.
upvoted 0 times
...
Carri
5 months ago
I think PGP is the one that provides both authentication and confidentiality for emails, but I’m not entirely sure.
upvoted 0 times
...
Detra
5 months ago
PGP seems like the best choice. It provides both authentication and confidentiality, which is exactly what the question is asking for.
upvoted 0 times
...
Lynsey
5 months ago
Digital signature could work, but I'm pretty sure PGP is the more common and comprehensive solution for email security.
upvoted 0 times
...
Sommer
5 months ago
I think PGP is the right answer here. It's a well-known encryption and authentication protocol used for email.
upvoted 0 times
...
Freeman
6 months ago
Hmm, I'm not too sure about this one. I'll have to think it through carefully to make sure I don't miss anything.
upvoted 0 times
...
Thomasena
6 months ago
Hmm, this is a tricky one. I'm not entirely sure about the different options, but I think Kubernetes Cluster Federation and registering external clusters to be managed from a central console are two potential approaches.
upvoted 0 times
...
Dottie
6 months ago
This is a tricky one. There are a lot of moving parts when it comes to channel sales, so I'll need to really analyze each option to determine the two most relevant for accelerating performance. I may need to do some quick research on Salesforce PRM capabilities to make sure I choose the best answers.
upvoted 0 times
...
Nell
6 months ago
If the margin of safety is $30,000, does that mean we can estimate profit by factoring that into our fixed costs? I think I saw something like this before.
upvoted 0 times
...
Audrie
2 years ago
Yes, but PGP offers both authentication and encryption for emails.
upvoted 0 times
...
Lynna
2 years ago
But digital signatures are commonly used for authentication, right?
upvoted 0 times
...
Johanna
2 years ago
I think D) MDJohanna is the answer for authentication and confidentiality.
upvoted 0 times
...
Lizbeth
2 years ago
I am not sure, but I think it could be C) IPSEC AH.
upvoted 0 times
...
Audrie
2 years ago
I disagree, I believe the correct answer is B) PGP.
upvoted 0 times
...
Lynna
2 years ago
I think the answer is A) Digital signature.
upvoted 0 times
...
