CISA EXAM PRACTICE QUESTION 12/03/2017

Most CISA candidates struggle with questions related to information assets protection. I have prepared a question below that will help you understand this concept.

Ransom’s Question on 12/03/2017 – Information Asset Protection

Why do digital signatures contain a message digest?

A  – to enable the message to be sent and received in a digital format.

B  – to define the encryption algorithm.

C  – to show whether the message has been altered during transmission.

D  – to identify and authenticate the originator of the message.

 


Let us apply the K-E-C approach in answering this question.

Please note that the K-E-C approach is as follows:

K = Keyword, phrase or stem of the question

E = Eliminate two incorrect options

C = Choose the best answer for the remaining two options, linking the answer to the Key or K.


 

So let us approach this question.

K = Key – The key phrase here is “message digest”. The question asks for the purpose of a message digest in digital signatures. To attempt it, we need to understand what a message digest really is. What is a message digest, and what does it try to achieve?

A message digest is a string of digits produced by a one-way cryptographic hash function. Message digests are designed to protect the integrity of a piece of data or media by detecting changes and alterations to any part of a message.

To put it in plain words, a digest is the same as a hash of a message. The primary purpose of a hash total in data cryptography is to ensure that the message has not been tampered with and has been delivered in its entirety. See an illustration below:

[Illustration: 01. Hashing]

E = Eliminate two options – If we go through the options above, we can easily eliminate answers A and B. Option A says hash totals enable the message to be sent in digital format. This is not the main objective of hashing a digital message. This response is thus incorrect.

Option B says a message digest defines the encryption algorithm. This is not the case. The hash of a message is used for data transmission integrity and not to define an encryption algorithm.

C = Choose the correct answer that lines up with the KEY – We are thus left with options C and D to choose from. Option D says a message digest helps us in identifying the originator of the message. This is not quite what a hash total does. A hash total simply checks a message to ascertain if it has been altered during transmission.

Option C says “to show whether the message has been altered during transmission”. This is the primary purpose of using a message digest or hash in digital signatures and data transmissions. It is to ensure that the data transmitted has not been altered in any way or replaced. If a malicious individual changed the original data, the final hash of the data will not agree to the original hash total. This is a detective control to pick up integrity breaches in data transmission.

The correct answer is thus C – “to show whether the message has been altered during transmission”. It agrees with the “key” to this question, which required us to identify the purpose of using a message digest in digital signatures.
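The integrity check described above, as an added example that is not part of the original post. It also goes one step further and shows why the digest is signed rather than sent bare. The message text, key and function names are constructed for illustration, and HMAC with a shared key stands in for the private-key signing step of a real digital signature.

```python
import hashlib
import hmac

def digest(message: bytes) -> str:
    """Message digest: SHA-256 hash of the message, as hex."""
    return hashlib.sha256(message).hexdigest()

def sign_digest(message: bytes, key: bytes) -> str:
    """Stand-in for signing (assumption): a keyed HMAC over the digest.
    A real digital signature protects the digest with the sender's private key."""
    return hmac.new(key, digest(message).encode(), hashlib.sha256).hexdigest()

def check_plain(received: bytes, sent_digest: str) -> bool:
    """Receiver recomputes the digest and compares it with the one sent."""
    return hmac.compare_digest(digest(received), sent_digest)

def check_signed(received: bytes, sent_tag: str, key: bytes) -> bool:
    """Receiver recomputes the protected digest and compares it with the one sent."""
    return hmac.compare_digest(sign_digest(received, key), sent_tag)

# Constructed sample data (not from the original post).
ORIGINAL = b"Pay supplier 1,000.00 to account 12345"
ALTERED = b"Pay supplier 9,000.00 to account 12345"
TRUNCATED = ORIGINAL[:20]
KEY = b"constructed-demo-key"

def run_cases() -> dict:
    sent_digest = digest(ORIGINAL)
    sent_tag = sign_digest(ORIGINAL, KEY)
    return {
        # Message arrives intact: digests agree.
        "unchanged": check_plain(ORIGINAL, sent_digest),
        # One character changed in transit: digests no longer agree.
        "altered": check_plain(ALTERED, sent_digest),
        # Message not delivered in its entirety: digests no longer agree.
        "truncated": check_plain(TRUNCATED, sent_digest),
        # Bare digest replaced together with the message: the check passes,
        # which is why the digest travels inside a signature.
        "altered_with_new_digest": check_plain(ALTERED, digest(ALTERED)),
        # Protected digest: the altered message fails against the original tag.
        "altered_signed": check_signed(ALTERED, sent_tag, KEY),
        # A tag recomputed without the sender's key fails as well.
        "altered_retagged_wrong_key": check_signed(
            ALTERED, sign_digest(ALTERED, b"not-the-sender-key"), KEY),
    }

if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name:28s} verifies: {ok}")
```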
