A lot of the answers over the last few pages seem to be either outright wrong or very debatable. Isn't non repudiation one of the reasons to send an encrypted email?
Answer should be A (Secure Email), Why?
Let say Bob want to share the incident-related artifacts with Alice.
By utilizing secure email incorporated with digital signature, this will provide non-repudiation because it will verify the authenticity of the incident-related artifacts. In this case, Alice can't deny she did not received the artifacts from Bob. At the same time, this will also protect Bob in the event if Alice decides to modify the content of the artifacts.
Lastly, sending an email also leave a trace or record in the mail server that whether Bob did indeed send an email containing the artifacts to Alice.
Why not B (Encrypted USB drives)? If you go back to the scenario which I had use. Alice can deny that she did not received the Encrypted USB drives containing the artifacts from Bob or Bob can also insist that he pass the Encrypted USB drives to Alice but in actual fact he did not. Therefore, there is no accountability here.
In this scenario answer is A,
secure email is a better option than an encrypted USB drive because it ensures that the artifacts are only accessible to authorized parties and that the integrity and authenticity of the artifacts can be verified using digital signatures. Additionally, secure email can provide end-to-end encryption to protect the artifacts from being intercepted and viewed by unauthorized parties during transit.
Encrypted USB drive can only protect the data on the drive, but it does not ensure the authenticity of the sender and the integrity of the data, and it does not encrypt the data during the transit.
the answer is A. the questions ask for non-repudiation .. secure email is the best way to provide non-repudiation ... it is an authenticated method, with signature and encryption ...
Someone might say "but what if the email stops hacked" - in this case it's easy, compare the checksun, the sender has an authentic email in his outbox (where he can't make changes himself). Unauthenticated is a guarantee for the sender and recipient.
In the case of USB, a unique form of comparator in case of an interception would be the original file that would be within reach of the elevator to make any changes if he wants to.
B sounds about right. Secure e-mail can still be intercepted and it is only secure between points but once opened how does one tell if changes have been made to the contents? Cloud containers, lets not even go there... Same with network folders... Those three things, at some point, is out of a persons hands... But the USB keys... Chain of custody... hashing... encrypted... Nuf said...
Answer should be A (Secure Email), Why?
Let say Bob want to share the incident-related artifacts with Alice.
By utilizing secure email incorporated with digital signature, this will provide non-repudiation because it will verify the authenticity of the incident-related artifacts. In this case, Alice can't deny he did not received the artifacts from Bob.
At the same time, this will also protect Bob in the event if Alice decides to modify the content of the artifacts.
Lastly, sending an email also leave a trace or record in the mail server that Bob did indeed send an email containing the artifacts to Alice.
Why not B (Encrypted USB drives)? If you go back to the scenario which I had use. Alice can deny that she did not received the artifacts from Bob or Bob can also insist that he pass the Encrypted USB drives to Alice. Therefore, there is no accountability here.
Answer should be A (Secure Email), Why?
Let say Bob want to share the incident-related artifacts with Alice.
By utilizing secure email incorporated with digital signature, this will provide non-repudiation because it will verify the authenticity of the incident-related artifacts. In this case, Alice can't deny she did not received the artifacts from Bob. At the same time, this will also protect Bob in the event if Alice decides to modify the content of the artifacts.
Lastly, sending an email also leave a trace or record in the mail server that whether Bob did indeed send an email containing the artifacts to Alice.
Why not B (Encrypted USB drives)? If you go back to the scenario which I had use. Alice can deny that she did not received the Encrypted USB drives containing the artifacts from Bob or Bob can also insist that he pass the Encrypted USB drives to Alice but in actual fact he did not. Therefore, there is no accountability here.
I'd think secure email w/ digital signatures would provide non-repudiation. Then again, if you physically hand someone a USB drive, I think that also provides non-repudiation.
Still, email is probably better here.
If this question or a similar one is on the exam, I would hope the answer would be the correct one.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.CS0-001 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
s3curity1
Highly Voted 4 years, 11 months agoRowlandmarc
4 years, 10 months agoPrinter_Micromanager
4 years, 10 months agoBlind_Hatred
4 years, 10 months agoB1GHead
4 years, 1 month agolumirr
Most Recent 2 years, 3 months agoandre0994
3 years agoSrGhost
3 years, 7 months agoITeaGuy
4 years, 6 months agoB1GHead
4 years, 1 month agoB1GHead
4 years, 1 month agooooooga
4 years, 6 months agoTeeTime87
4 years, 9 months agoBigBo01010
4 years, 9 months agoPrinter_Micromanager
4 years, 9 months ago