CompTIA Security Plus Mock Test Q475

A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?

A. Encryption
B. Digital signatures
C. Steganography
D. Hashing
E. Perfect forward secrecy

Correct Answer: B

Section: Compliance and Operational Security

A digital signature is an electronic mechanism to prove that a message was sent from a specific user (that is, it provides for non-repudiation) and that the message wasn’t changed while in transit (it also provides integrity). Thus digital signatures will meet the stated requirements.

Incorrect Answers:
A: Encryption ensures that a message will not be changed during data transfer and will thus provide integrity and not non-repudiation.
C: Steganography is actually the process of hiding messages within messages. This will not meet the requirements.
D: Hashing is the numeric representation of the data in question to check whether the integrity of the data has been violated. It is similar to a type of cryptography. This will not meet the requirements for non-repudiation.
E: Perfect forward secrecy is a way of making sure that the compromise of an entity’s digital certificates does not compromise the security of any session’s keys.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 149, 323-325