Which of the following best explains how a digital signature helps verify that a message has not been altered?
Think about how the receiver can check if the message content changed after signing.
A digital signature is created by hashing the message and encrypting that hash with the sender's private key. The receiver decrypts the signature with the sender's public key and compares the hash to the message's hash. If they match, the message is intact.
What is the primary function of a Certificate Authority in digital certificates?
Consider who confirms that a public key belongs to a specific person or organization.
A Certificate Authority verifies the identity of entities and issues digital certificates that link a public key to that verified identity, helping others trust the key.
Which of the following situations would cause a digital certificate to be considered invalid or untrustworthy?
Think about the importance of certificate validity periods.
A digital certificate has a validity period. If the expiration date has passed, the certificate is no longer trusted because it may not reflect current ownership or security standards.
Which statement correctly distinguishes a digital signature from encryption?
Consider the purpose of each process: hiding content vs proving authenticity.
Encryption protects message confidentiality by hiding content, while digital signatures prove who sent the message and that it was not changed.
If an attacker gains access to a user's private key used for digital signatures, what is the most serious consequence?
Think about what a private key is used for in signing messages.
The private key is used to create digital signatures. If compromised, an attacker can forge signatures, pretending to be the user and sending fake messages that appear authentic.