Certified Information Systems Auditor (CISA) — Question 214

An organization uses public key infrastructure (PKI) to provide email security. Which of the following would be the MOST efficient method to determine whether email messages have been modified in transit?

Answer options

• A. The message is sent along with an encrypted hash of the message.
• B. The message is sent using Transport Layer Security (TLS) protocol.
• C. The message is encrypted using a symmetric algorithm.
• D. The message is encrypted using the private key of the sender.

Correct answer: A

Explanation

Option A is correct because sending an encrypted hash allows verification of the message's integrity by checking if the hash matches after receipt. Options B, C, and D do not specifically address the integrity verification of the email content in transit; TLS secures the connection but does not validate message integrity, while symmetric encryption and using the private key do not provide a method for checking modifications.