Which of the following statement correctly describes the difference between symmetric key encryption and asymmetric key encryption?
Correct Answer: C
Explanation/Reference: There are two basic techniques for encrypting information: symmetric encryption (also called secret key encryption) and asymmetric encryption (also called public key encryption.) Symmetric Encryption Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key. Few examples of symmetric key algorithms are DES, AES, Blowfish, etc Asymmetric Encryption The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is the usage of asymmetric encryption, in which there are two related keys, usually called a key pair. The public key is made freely available to anyone who might want to send you a message. The second key, called the private key is kept secret, so that only you know it. Any message (text, binary files, or documents) that are encrypted using the public key can only be decrypted by the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key. This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public).A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message. Few examples of asymmetric key algorithms are RSA, Elliptic key Cryptography (ECC), El Gamal, Differ- Hellman, etc The following were incorrect answers: The other options don't describe correctly the difference between symmetric key and asymmetric key encryption. The following reference(s) were/was used to create this question: CISA review manual 2014 Page number 348 and 349 http://support.microsoft.com/kb/246071 http://www.engineersgarage.com/articles/what-is-cryptography-encryption?page=3
Question 242
Which of the following findings should be of MOST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?
Correct Answer: A
Question 243
For an organization which uses a VoIP telephony system exclusively, the GREATEST concern associated with leaving a connected telephone in an unmonitored public area is the possibility of:
Correct Answer: B
Section: Information System Operations, Maintenance and Support
Question 244
A retailer normally uses a scanner to read product labels and input product codes and prices. The unit is not functioning and staff are keying information manually. With respect to the accuracy of the input, it is likely that:
Correct Answer: C
Section: Information System Operations, Maintenance and Support
Question 245
While following up on a prior audit report, an IS auditor determines that a number of recommendations to address critical findings have not been implemented as agreed. What is the BEST course of action for the auditor?
