ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
While designing a RESTful payment API, you must guarantee that customers cannot later dispute having authorized a high-value transfer request sent to your service. Which technique provides the strongest cryptographic evidence of origin and therefore best meets the non-repudiation requirement for each transaction?
Store a SHA-256 hash of every received request in an append-only audit log after processing.
Transmit all requests over mutually authenticated TLS 1.3 sessions to confirm the client's identity.
Sign each request with the customer's private key using an asymmetric digital signature algorithm such as ECDSA.
Include an HMAC of the request body computed with a secret key shared between the client and server.
Non-repudiation requires that the sender alone could have produced the proof that accompanies each request. An asymmetric digital signature created with the customer's private key satisfies this: only the key holder can generate the signature, and anyone with the corresponding public key can verify it, providing enduring proof of origin and integrity. An HMAC does not offer non-repudiation because both parties share the same secret; either could have produced the MAC, so neither can later be uniquely held accountable. Transport-layer encryption with mutual TLS authenticates the session in real time but does not bind the user to the specific message content once the session ends. Simply hashing and storing requests in a log ensures integrity of stored records but lacks any binding to a particular individual, so it does not prevent repudiation.
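The contrast the explanation draws between an asymmetric signature and an HMAC is easy to see in code. The following Go program is an added example, not part of the original question or explanation: the customer signs a constructed payment request with a P-256 ECDSA private key, the service verifies it with nothing but the registered public key, and the same request is also authenticated with an HMAC under a shared secret. The request body, account identifiers and secret are all constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample request body. A production API would sign a canonical
// serialization so that whitespace or key ordering cannot change the digest.
const sampleRequest = `{"from":"acct-123","to":"acct-456","amount":"250000.00","currency":"USD","nonce":"7f3a"}`

// GenerateCustomerKey creates the customer's P-256 key pair. The private half
// never leaves the customer; only the public half is registered with the service.
func GenerateCustomerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignRequest is the client side: an ASN.1 DER ECDSA signature over SHA-256(body).
// Only the holder of priv can produce a signature that verifies under its public key.
func SignRequest(priv *ecdsa.PrivateKey, body []byte) ([]byte, error) {
	digest := sha256.Sum256(body)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyRequest is the server side. It needs only the public key, so the service
// (or an auditor handed the public key later) can check the proof but never forge it.
func VerifyRequest(pub *ecdsa.PublicKey, body, sig []byte) bool {
	digest := sha256.Sum256(body)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// ComputeHMAC is the shared-secret alternative. Any party holding key, the server
// included, produces an identical tag, which is why it cannot prove who sent a request.
func ComputeHMAC(key, body []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(body)
	return m.Sum(nil)
}

func main() {
	body := []byte(sampleRequest)

	priv, err := GenerateCustomerKey()
	if err != nil {
		panic(err)
	}
	sig, err := SignRequest(priv, body)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature verifies with customer's public key:", VerifyRequest(&priv.PublicKey, body, sig))

	// Altering one field of the transfer invalidates the signature.
	tampered := []byte(`{"from":"acct-123","to":"acct-999","amount":"250000.00","currency":"USD","nonce":"7f3a"}`)
	fmt.Println("signature verifies over tampered body:", VerifyRequest(&priv.PublicKey, tampered, sig))

	// Constructed shared secret: client and server both know it.
	sharedKey := []byte("constructed-shared-secret")
	clientTag := ComputeHMAC(sharedKey, body)
	serverTag := ComputeHMAC(sharedKey, body) // the server can mint the same tag itself
	fmt.Println("client HMAC:", hex.EncodeToString(clientTag))
	fmt.Println("server can produce identical HMAC:", hmac.Equal(clientTag, serverTag))
}
```

The point to take from running it: the server holds everything needed to verify the ECDSA signature yet nothing that lets it create one, so a valid signature is evidence only the customer could have produced. With the HMAC the server holds the same secret the client used and can generate a tag indistinguishable from the client's, so a stored tag proves nothing about which party authorized the transfer.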