5.1 : Quiz Digital signature Flashcards
(1) A hash function will address which of the following concerns about an electronic message:
A. Message confidentiality
B. Message integrity
C. Message availability.
D. Message compression
Answer: B. Message integrity
A digital signature provides integrity, authentication, and non-repudiation for the electronic message. It does not ensure message confidentiality. A digital signature includes an encrypted hash total of the message. This hash would no longer be accurate if the message was subsequently altered, thus indicating that the alteration had occurred. Hence, it helps to ensure message integrity. Digital signatures will not identify or prevent any of the other options.
(2) A digital signature will address which of the concerns about the electronic message:
A. Authentication and integrity of data
B. Authentication and confidentiality of data
C. Confidentiality and integrity of data
D. Authentication and availability of data
Answer: A. Authentication and integrity of data
Explanation:
A digital signature provides integrity, authentication and non-repudiation for an electronic message. It does not ensure message confidentiality or availability of data. A digital signature is created in the two steps below:
Step 1: Create a hash (message digest) of the message.
Step 2: Encrypt the hash (as derived above) with the private key of the sender.
(3) A digital signature is created by the sender to prove message integrity by:
A. encrypting the message with the sender’s private key. Upon receiving the data, the recipient can decrypt the data using the sender’s public key.
B. encrypting the message with the recipient’s public key. Upon receiving the data, the recipient can decrypt the data using the recipient’s public key.
C. initially using a hashing algorithm to produce a hash value or message digest from the entire message contents. Upon receiving the data, the recipient can independently create it.
D. encrypting the message with the sender’s public key. Upon receiving the data, the recipient can decrypt the data using the recipient’s private key.
Explanation:
A digital signature is created in the two steps below:
Step 1: Create a hash (message digest) of the message.
Step 2: Encrypt the hash (as derived above) with the private key of the sender.
Upon receiving the message, the recipient will perform the following steps:
Step 1: The recipient independently calculates the hash value of the message.
Step 2: The recipient then decrypts the digital signature using the public key of the sender.
Step 3: The recipient compares the value derived in step (1) with the value derived in step (2). If both tally, this proves the integrity of the message.
Options A, B and D are incorrect because a digital signature does not encrypt the message itself; it encrypts the hash of the message.
(4) A digital signature addresses which of the following concerns about an electronic message?
A. Unauthorized archiving
B. Confidentiality
C. Unauthorized copying
D. Alteration
Answer: D. Alteration
Explanation:
A digital signature includes an encrypted hash total of the size of the message as it was transmitted by its originator. This hash would no longer be accurate if the message was subsequently altered, thus indicating that the alteration had occurred. Digital signatures will not identify or prevent any of the other options.
(5) Which of the following is used to address the risk of a hash being compromised?
A. Digital signatures
B. Message encryption
C. Email password
D. Disabling SSID broadcast.
Answer: A. Digital signature
Explanation:
A digital signature is created by encrypting the hash of the message. The encrypted hash cannot be altered without knowing the public key of the sender.
(6) A digital signature provides which of the following?
A. Non-repudiation, confidentiality and integrity
B. Integrity, privacy and non-repudiation
C. Integrity, authentication and non-repudiation
D. Confidentiality, privacy and non-repudiation
Answer: C. Integrity, authentication and non-repudiation
Explanation:
A digital signature provides integrity, authentication and non-repudiation for an electronic message. It does not ensure message confidentiality or availability of data.
(7) The MAIN reason for using digital signatures is to ensure data:
A. privacy.
B. integrity.
C. availability.
D. confidentiality
Answer: B. integrity.
Explanation:
Digital signatures provide integrity because the hash of the message changes if there are any unauthorized changes to the data (file, mail, document, etc.), thus ensuring data integrity.
(8) Which of the following message services provides the strongest evidence that a specific action has occurred?
A. Proof of delivery
B. Non-repudiation
C. Proof of submission
D. Authorization
Answer: B. Non-repudiation
Explanation:
Non-repudiation is the assurance that someone cannot deny something. Non-repudiation services provide evidence that a specific action occurred. Typically, non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. Digital signatures are used to provide non-repudiation.
(9) Which of the following ensures a sender’s authenticity?
A. Encrypting the hash of the message with the sender’s private key
B. Encrypting the message with the receiver’s public key
C. Encrypting the hash of the message with the sender’s public key
D. Encrypting the message with the receiver’s private key
Answer: A. Encrypting the hash of the message with the sender’s private key
Explanation:
The sender encrypts the hash of the message using his private key. The receiver can decrypt the same with the public key of the sender, ensuring authenticity of the message. If the recipient is able to decrypt the message successfully with the public key of the sender, then it proves authentication, i.e. the message was in fact sent by the sender. It ensures non-repudiation, i.e. the sender cannot repudiate having sent the message.
(10) An organization states that digital signatures are used when receiving communications from customers. This is done by:
A. A hash of the data that is transmitted and encrypted with the organization’s private key
B. A hash of the data that is transmitted and encrypted with the customer’s private key
C. A hash of the data that is transmitted and encrypted with the customer’s public key
D. A hash of the data that is transmitted and encrypted with the organization’s public key
Answer: B. A hash of the data that is transmitted and encrypted with the customer’s private key
Explanation:
A digital signature is created in the two steps below:
Step 1: Create a hash (message digest) of the message.
Step 2: Encrypt the hash (as derived above) with the private key of the sender.
In the above scenario, the sender is the customer. Hence the hash is to be encrypted using the customer’s (sender’s) private key.
(11) Digital signatures help to:
A. help detect spam.
B. provide confidentiality.
C. add to the workload of gateway servers.
D. decrease available bandwidth.
Answer: A. help detect spam.
Explanation:
Using strong signatures in email traffic, authentication and non-repudiation can be assured and a sender can be tracked. The recipient can configure their e-mail server or client to automatically delete mails from specific senders. Digital signatures are only a few bytes in size and will not slash bandwidth. There will be no major impact on the workload of gateway servers.
(12) The basic difference between hashing and encryption is that hashing:
A. cannot be reversed.
B. can be reversed.
C. is concerned with integrity and security.
D. creates output of bigger length than original message.
Answer: A. cannot be reversed
Explanation:
Hashing works one way. By applying a hashing algorithm to a message, a message hash/digest is created. If the same hashing algorithm is applied to the message digest, it will not result in the original message. As such, hashing is irreversible, while encryption is reversible. This is the basic difference between hashing and encryption.
(13) An organization is sharing critical information with vendors through email. The organization can ensure that the recipients of e-mails (i.e. vendors) can authenticate the identity of the sender (i.e. employees) by:
A. employees digitally signing their email messages.
B. employees encrypting their email messages.
C. employees compressing their email messages.
D. password protecting all e-mail messages.
Answer: A. employees digitally signing their email messages.
Explanation:
By digitally signing all e-mail messages, the receiver will be able to validate the authenticity of the sender. Encrypting all e-mail messages would not ensure the authenticity of the sender.
(14) A digital signature ensures that the sender cannot later deny generating and sending the message. This is known as:
A. Integrity.
B. authentication.
C. non-repudiation.
D. security.
Answer: C. non-repudiation.
Explanation:
Non-repudiation ensures that the claimed sender cannot later deny generating and sending the message.
(15) In an e-commerce application, which of the following should be relied on to prove that the transactions were actually made?
A. Proof of delivery
B. Authentication
C. Encryption
D. Non-repudiation
Answer: D. Non-repudiation
Explanation:
Non-repudiation ensures that a transaction is enforceable. Non-repudiation ensures that the claimed sender cannot later deny generating and sending the message.