Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

ISC2 Exam SSCP Topic 6 Question 91 Discussion

Actual exam question for ISC2's SSCP exam
Question #: 91
Topic #: 6
[All SSCP Questions]

Which one of the following is used to provide authentication and confidentiality for e-mail messages?

Show Suggested Answer Hide Answer
Suggested Answer: B

Instead of using a Certificate Authority, PGP uses a 'Web of Trust', where users can certify each other in a mesh model, which is best applied to smaller groups.

In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). The web of trust concept was first put forth by PGP creator Phil Zimmermann in 1992 in the manual for PGP version 2.0.

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.

As per Shon Harris's book:

Pretty Good Privacy (PGP) was designed by Phil Zimmerman as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program. PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and use IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different types of algorithms for these functions. PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using the public key certificates, and nonrepudiation by using cryptographically signed messages. PGP initially used its own type of digital certificates rather than what is used in PKI, but they both have similar purposes. Today PGP support X.509 V3 digital certificates.

Reference(s) used for this question:

KRUTZ,

Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 169).

Shon Harris, CISSP All in One book

https://en.wikipedia.org/wiki/Pretty_Good_Privacy

TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.


by Annabelle at Jun 19, 2024, 07:34 PM

Limited Time Offer

25%

Off

Get Premium SSCP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Florinda
5 months ago
Haha, D) MD4? What is this, the 90s? B) PGP is the way to go, folks. Secure those messages like a boss!
upvoted 0 times
Nieves
3 months ago
C) IPSEC AH can also provide authentication and confidentiality, but PGP is more widely used.
upvoted 0 times
...
Onita
3 months ago
B) PGP is definitely the most secure choice for e-mail messages.
upvoted 0 times
...
Sabrina
4 months ago
C) IPSEC AH can also be used for providing authentication and confidentiality.
upvoted 0 times
...
Kirby
4 months ago
A) Digital signature is also a good option for authentication and confidentiality.
upvoted 0 times
...
Maybelle
4 months ago
B) PGP is definitely the most popular choice for securing email messages.
upvoted 0 times
...
Edda
4 months ago
A) Digital signature is also a good option for authentication and confidentiality.
upvoted 0 times
...
...
Ilda
5 months ago
Is MD4 even a thing anymore? I'm going with B) PGP, the obvious choice here. Can't go wrong with the classics!
upvoted 0 times
...
Lonna
5 months ago
B) PGP, no doubt. That's the one I remember learning about in my cybersecurity class. Gotta keep those emails locked down, you know?
upvoted 0 times
...
Reena
5 months ago
Hmm, I'd have to say B) PGP. Anything else just doesn't seem as robust or widely adopted.
upvoted 0 times
Benton
4 months ago
Yeah, PGP is widely trusted for authentication and confidentiality.
upvoted 0 times
...
Jennie
4 months ago
I agree, PGP is definitely the way to go for email security.
upvoted 0 times
...
...
Roosevelt
5 months ago
I agree with Erasmo, A) Digital signature is the best choice for e-mail security.
upvoted 0 times
...
Mabelle
5 months ago
I'm going with B) PGP. It's been around for ages and is still the go-to solution for secure email communication.
upvoted 0 times
Darrin
5 months ago
I think I'll go with A) Digital signature for extra authentication.
upvoted 0 times
...
Lon
5 months ago
I agree, PGP is a reliable choice for email security.
upvoted 0 times
...
...
Erasmo
6 months ago
But digital signatures are used for authentication and confidentiality, so it makes sense.
upvoted 0 times
...
Hassie
6 months ago
I disagree, I believe the correct answer is B) PGP.
upvoted 0 times
...
Devora
6 months ago
B) PGP is definitely the correct answer here. It's the gold standard for email encryption and authentication.
upvoted 0 times
Hana
5 months ago
B) PGP is definitely the correct answer here. It's the gold standard for email encryption and authentication.
upvoted 0 times
...
Dulce
5 months ago
A) Digital signature
upvoted 0 times
...
...
Erasmo
6 months ago
I think the answer is A) Digital signature.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77