Sec+ Day 2 Cryptographic Solutions and Identity Management Quiz

AES is a symmetric encryption algorithm designed for efficiency and speed, making it ideal for encrypting large volumes of data. In contrast, RSA, DSA, and ECC are asymmetric algorithms, which are slower and less suitable for this purpose.

The primary role of a Certificate Authority (CA) in a Public Key Infrastructure (PKI) is to issue and manage digital certificates, which validate the identity of entities and facilitate secure communications.

Mandatory Access Control (MAC) is ideal for environments where data classification and security clearance are critical, as it enforces strict policies that restrict access based on predefined security levels.

A digital signature uses a hash function to create a unique digest of the message, which is then encrypted with a private key. This ensures integrity (the message hasn't changed) and non-repudiation (the sender can't deny sending it).

The primary benefit of identity federation is that it allows for single sign-on across different organizations, simplifying user access and improving user experience without needing multiple credentials.

The key advantage of multi-factor authentication (MFA) is that it increases security by requiring multiple forms of verification, making it harder for unauthorized users to gain access.

Role-Based Access Control (RBAC) is effective for restricting access based on user roles, ensuring only authorized personnel can access sensitive data, making it suitable for this scenario.

The correct choice highlights that symmetric encryption uses a single key for both encryption and decryption, while asymmetric encryption employs a pair of keys (a public and a private key) for secure communication.

A Public Key Infrastructure (PKI) enhances security by providing a framework for secure key exchange and management, ensuring that keys are distributed and verified properly, which is essential for secure digital communications.

A digital signature primarily serves to verify the identity of the sender and ensure data integrity, confirming that the message has not been altered during transmission.