ISC2 CISSP Practice Question

The correct answer is Encrypting the document's hash with the sender's private key. This process creates a digital signature. It ensures integrity because any change to the document will result in a different hash. It provides authentication and non-repudiation because only the holder of the unique private key could have encrypted the hash, and they cannot later deny signing it.

Encrypting the entire document with the recipient's public key is incorrect. This action provides confidentiality, ensuring only the intended recipient can decrypt and read the document, but it does not provide integrity or non-repudiation for the sender.

Generating a Message Authentication Code (MAC) using a shared secret key is incorrect. A MAC provides integrity and authentication, but because it relies on a key shared between the sender and receiver, it cannot provide non-repudiation. Either party could have generated the MAC, so the sender could deny having sent the message.

Establishing a Transport Layer Security (TLS) tunnel for data transmission is incorrect. TLS secures the communication channel, protecting data from eavesdropping and tampering while in transit. However, it does not provide a persistent signature on the document itself that can be verified later for non-repudiation. The protection ends once the TLS session is terminated.