Certified Information Systems Auditor (CISA) — Question 431
In a public-key cryptosystem where there is no previous knowledge between parties, which of the following will BEST help to prevent one person from using a fictitious key to impersonate someone else?
Answer options
- A. Send a certificate that can be verified by a certification authority with the public key.
- B. Encrypt the message containing the sender's public key, using the recipient's public key.
- C. Send the public key to the recipient prior to establishing the connection.
- D. Encrypt the message containing the sender's public key, using a private-key cryptosystem.
Correct answer: A
Explanation
The correct answer is A: a certificate that can be verified by a certification authority ensures that the public key belongs to the legitimate owner, which prevents impersonation with a fictitious key. Options B and D encrypt the message but provide no mechanism for verifying the authenticity of the key, while option C lacks the necessary assurance of identity because it involves no verification process.