Exam CISM topic 1 question 191 discussion

D. Digital signatures verify nonrepudiation, not data integrity. Although not a great selection, D is the best selection on this list.

B: Digital signatures authenticate sender, the receiver and the integrity of a message. Secure transfer means ENCRYPTION. Encryption=Confidentiality, not integrity. See also QAE Domain 3, question 48 (paper version) Good luck

The correct answer is B. Require files to be digitally signed before they are transmitted. Explanation: Digital signatures provide a high level of confidence in the integrity and authenticity of data when it is sent from one party to another. When files are digitally signed, they are encrypted using the sender's private key, and the recipient can use the sender's public key to decrypt and verify the signature. This process ensures that the data has not been tampered with during transit and that it indeed originated from the expected sender.

Sorry but digital signature has no impact on integrity, only on authentication and non-repudiation. So the only possible response in the list is response D. A more relevant response would have been "hashing" but it's not in the list.

D. Question asks about data integrity not data confidentiality. digital signatures confirm the sender is who he says, but does not assure data integrity. parity checks, checksums, secure connections assure data integrity

B. Require files to be digitally signed before they are transmitted.

B. Require files to be digitally signed before they are transmitted. Requiring files to be digitally signed before transmission ensures data integrity and authenticity. Digital signatures use cryptographic techniques to verify that the data has not been tampered with during transit and that it originated from the expected sender. The digital signature provides a strong assurance that the data has not been altered and that it comes from a trusted source.