CompTIA Security Plus Mock Test Q526

A company’s employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve its overall security posture by assuring employees that an email actually originated from the CEO. Which of the following controls could they implement to BEST meet this goal?

A. Spam filter
B. Digital signatures
C. Antivirus software
D. Digital certificates

Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document.
The digital equivalent of a handwritten signature or stamped seal, but offering far more inherent security, a digital signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide the added assurance of evidence of the origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer.
Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash, together with other information such as the hashing algorithm used, is the digital signature. The hash is signed rather than the entire message or document because a hash function converts an arbitrary-length input into a fixed-length value, which is usually much shorter. This saves time, since hashing is much faster than signing.
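The following Go program is an added example, not part of the original question or its explanation, showing the hash-then-sign procedure described above and why it defeats both tampering and impersonation. It generates throwaway RSA keys for the CEO and for an impostor (constructed for this demonstration; a real mail client would load the CEO's key from an S/MIME or PGP key store), signs a constructed sample message, and then checks three cases: the genuine message, a copy altered in transit, and a copy signed by the impostor's key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignEmail implements the two steps described above: hash the message body
// with SHA-256, then sign the digest with the sender's private key
// (RSA PKCS#1 v1.5). The returned bytes are the digital signature a mail
// client would attach to the message.
func SignEmail(priv *rsa.PrivateKey, body []byte) ([]byte, error) {
	digest := sha256.Sum256(body)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyEmail recomputes the digest over the received body and checks the
// signature with the claimed sender's public key. It succeeds only if the
// body is byte-for-byte unchanged and the signature was produced by the
// private key matching pub.
func VerifyEmail(pub *rsa.PublicKey, body, sig []byte) bool {
	digest := sha256.Sum256(body)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Outcome records whether each of three constructed messages verifies under
// the CEO's public key.
type Outcome struct {
	Genuine      bool // untouched message signed by the CEO
	Tampered     bool // CEO's signature, but body altered in transit
	Impersonated bool // same body, signed by an impostor's key
}

// Demo generates the keys (constructed for this example) and runs the three
// verification cases a receiving mail client has to distinguish.
func Demo() (Outcome, error) {
	var out Outcome
	ceoKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	impostorKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	ceoPub := &ceoKey.PublicKey

	// Constructed sample message, as the CEO's mail client would sign it.
	body := []byte("From: ceo@example.com\r\nSubject: Q3 bonus approval\r\n\r\nApproved. Proceed as discussed.\r\n")

	// Case 1: genuine message, signed with the CEO's private key.
	sig, err := SignEmail(ceoKey, body)
	if err != nil {
		return out, err
	}
	out.Genuine = VerifyEmail(ceoPub, body, sig)

	// Case 2: same signature, but the body was altered in transit. The
	// recomputed digest no longer matches, so verification fails (integrity).
	altered := append([]byte{}, body...)
	altered = append(altered, "P.S. Send the figures to the new address.\r\n"...)
	out.Tampered = VerifyEmail(ceoPub, altered, sig)

	// Case 3: an impostor signs the same body with their own key and claims
	// to be the CEO. The signature does not verify under the CEO's public
	// key (authenticity), which is what exposes the impersonation.
	forged, err := SignEmail(impostorKey, body)
	if err != nil {
		return out, err
	}
	out.Impersonated = VerifyEmail(ceoPub, body, forged)
	return out, nil
}

func main() {
	out, err := Demo()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine verifies: %v\ntampered verifies: %v\nimpersonated verifies: %v\n",
		out.Genuine, out.Tampered, out.Impersonated)
}
```

Only the first case verifies. Note what the check relies on: the recipient must already hold the CEO's genuine public key. In practice that key is distributed inside a digital certificate (for example with S/MIME), which is how options B and D relate: the certificate answers "whose key is this", while the signature answers "did this key sign this exact message".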

Incorrect Answers:
A: A spam filter is used to detect and block spam email. All inbound (and sometimes outbound) email is passed through the spam filter to detect spam emails. The spam emails are then discarded or tagged as potential spam according to the spam filter configuration. A spam filter is not used to guarantee the integrity of an email.
C: Anti-virus software is software installed on a computer to protect against viruses. An anti-virus program will scan files on the hard drive and scan files as they are accessed to see if the files contain a potential threat. Anti-virus software is not used to guarantee the integrity of an email.
D: In cryptography, a digital certificate is an electronic document that uses a digital signature to bind a public key to an identity, for example the name of an organization. The certificate is used to confirm that a public key belongs to a specific organization.
Digital certificates are used to verify the trustworthiness of a website, while digital signatures are used to verify the trustworthiness of information. In the case of digital certificates, an organization may only trust a site if its digital certificates are issued by the organization itself or by a trusted certification source, like Verisign Inc. But this doesn’t necessarily mean that the content of the site can be trusted; a trusted site may be infiltrated by a hacker who modifies the site’s content.

References:
http://searchsecurity.techtarget.com/definition/digital-signature
http://searchsecurity.techtarget.com/answer/The-difference-between-a-digital-signature-and-digital-certificate