ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During the assessment of an electronic procurement system, you need to demonstrate that a senior executive cannot later deny approving a purchase order transmitted over the network. Which control provides the STRONGEST technical assurance of non-repudiation for these transactions?
Apply a digital signature to each purchase order using the executive's PKI private key.
Require the executive to authenticate with multi-factor credentials before accessing the approval portal.
Encrypt the purchase order with TLS while it is transmitted between client and server.
Record the source IP address of each submission in web-server access logs.
Non-repudiation requires technical evidence that definitively binds a specific individual to a specific action and protects that evidence from undetected alteration. A digital signature created with the executive's private key meets this requirement because:
The private key is uniquely associated with the signer, so the origin of the message can be proven.
The cryptographic hash included in the signature detects any later modification of the signed content.
Anyone with the signer's public certificate can verify both origin and integrity, making it difficult for the signer to credibly deny the action.
TLS encryption only protects data in transit; once the session ends it provides no enduring proof of origin. Web-server logs that record IP addresses can be forged, shared, or spoofed and therefore do not offer strong assurance. Multi-factor authentication confirms the user's identity when logging in but does not bind that identity to the specific purchase-order message in a verifiable way after the fact.
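The three properties listed above (provable origin, tamper detection, verification with only the public key) can be seen in a short Go program. This is an added example, not part of the original question; the purchase-order JSON, the identifiers in it, and the in-memory ECDSA P-256 keys are constructed for illustration, standing in for a key pair issued under the organization's PKI.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignOrder hashes the order and signs the digest with the approver's private key.
func SignOrder(priv *ecdsa.PrivateKey, order []byte) ([]byte, error) {
	digest := sha256.Sum256(order)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyOrder needs only the public key, so any auditor can run it later.
func VerifyOrder(pub *ecdsa.PublicKey, order, sig []byte) bool {
	digest := sha256.Sum256(order)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Demo signs a constructed order and checks it three ways.
func Demo() (genuine, tampered, wrongSigner bool, err error) {
	// Assumption: in-memory keys; a PKI would supply a validated X.509 certificate.
	approver, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	order := []byte(`{"po":"PO-0001","amount_usd":48250,"approver":"exec-01"}`)
	altered := []byte(`{"po":"PO-0001","amount_usd":98250,"approver":"exec-01"}`)
	sig, err := SignOrder(approver, order)
	if err != nil {
		return
	}
	genuine = VerifyOrder(&approver.PublicKey, order, sig)    // origin proven
	tampered = VerifyOrder(&approver.PublicKey, altered, sig) // change detected
	wrongSigner = VerifyOrder(&other.PublicKey, order, sig)   // not this key
	return
}

func main() {
	g, t, w, err := Demo()
	fmt.Println("genuine:", g, "tampered:", t, "wrong signer:", w, "err:", err)
}
```

The signature travels with the order and can be checked long after the session that carried it has ended, which is the enduring evidence that TLS, access logs, and a login event do not provide.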
ISC2 Governance, Risk and Compliance (CGRC)
Security and Privacy Governance, Risk Management, and Compliance Program