Weekly CISSP Practice Exam Questions
Week 46 - Question 2
Question: Which encryption method uses the same key for both encryption and decryption?
- A. Asymmetric Encryption
- B. Symmetric Encryption
- C. Hashing
- D. Elliptic Curve Cryptography
Correct Answer: B. Symmetric Encryption
Understanding Symmetric Encryption
Symmetric encryption is the workhorse of the data protection world. Also known as "Secret Key" or "Session Key" encryption, it relies on a single shared key that both the sender and the receiver must possess and keep secret.
1. Symmetric Encryption (The Correct Choice)
- The Mechanism: If Alice wants to send a secure file to Bob, she encrypts it using a specific key. Bob then uses that exact same key to decrypt it.
- Why it’s used: Symmetric algorithms are mathematically "lighter" than their asymmetric counterparts. This makes them incredibly fast and ideal for bulk data encryption (encrypting entire hard drives or large database files).
- The Challenge: The "Key Distribution" problem. How do Alice and Bob share the secret key securely without an eavesdropper stealing it?
- CISSP Examples: AES (Advanced Encryption Standard), DES, 3DES, Blowfish, and RC4.
2. Asymmetric Encryption (Option A)
Asymmetric encryption uses a Key Pair. Each user has a Public Key (which everyone can see) and a Private Key (which is never shared).
- The Mechanism: Data encrypted with a Public Key can only be decrypted by its mathematically related Private Key.
- Why it’s used: It solves the key distribution problem. You can send your public key to anyone, and they can use it to send you encrypted messages that only you can read.
- CISSP Examples: RSA and Diffie-Hellman.
3. Hashing (Option C)
As noted in the breakdown, hashing is not encryption. It is a one-way transformation designed to ensure Integrity.
- The Distinction: In encryption, the goal is to get the original data back (reversible). In hashing, the goal is to create a unique fingerprint that proves the data hasn't been tampered with (non-reversible).
4. Elliptic Curve Cryptography / ECC (Option D)
ECC is a high-performance form of Asymmetric Encryption.
- The Mechanism: Instead of relying on the difficulty of factoring the product of large prime numbers (like RSA), ECC relies on the algebraic structure of elliptic curves.
- The Benefit: ECC provides the same security as RSA but with significantly smaller key sizes. For example, a 256-bit ECC key provides roughly the same security as a 3072-bit RSA key, making it the standard for mobile devices and smart cards where processing power is limited.
The "Hybrid" Reality
In the real world (like when you visit an HTTPS website), we use Hybrid Cryptography:
- Asymmetric Encryption is used to securely exchange a symmetric key.
- Symmetric Encryption is then used to encrypt the actual data for the duration of the session because it is faster.
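The hybrid pattern above as an added example (not from the original page), using Node.js's built-in crypto module: RSA-OAEP wraps a random AES-256 key, and AES-256-GCM encrypts the bulk data. The function names and the 1 MiB sample payload are constructed for illustration, and RSA key transport is an assumed choice for the key-exchange step.

```javascript
const nodeCrypto = require("crypto");

// OAEP options shared by both sides of the key exchange.
const oaep = (key) => ({
  key,
  padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: "sha256",
});

// Sender: encrypt bulk data with a fresh symmetric key, then wrap that key
// with the receiver's public key (the only asymmetric operation).
function hybridEncrypt(publicKey, plaintext) {
  const sessionKey = nodeCrypto.randomBytes(32); // AES-256 key
  const iv = nodeCrypto.randomBytes(12); // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt(oaep(publicKey), sessionKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Receiver: unwrap the session key with the private key, then decrypt with
// the same symmetric key the sender used.
function hybridDecrypt(privateKey, msg) {
  const sessionKey = nodeCrypto.privateDecrypt(oaep(privateKey), msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}

function demo() {
  const bob = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const bulk = Buffer.alloc(1024 * 1024, "A"); // constructed 1 MiB sample payload
  const msg = hybridEncrypt(bob.publicKey, bulk);
  const roundTrip = hybridDecrypt(bob.privateKey, msg).equals(bulk);

  // RSA alone cannot take bulk data: the input must fit inside the modulus.
  let rsaAloneRejected = false;
  try { nodeCrypto.publicEncrypt(oaep(bob.publicKey), bulk); } catch { rsaAloneRejected = true; }

  // GCM authenticates the ciphertext, so a single flipped bit is detected.
  msg.ciphertext[0] ^= 1;
  let tamperRejected = false;
  try { hybridDecrypt(bob.privateKey, msg); } catch { tamperRejected = true; }

  return { roundTrip, rsaAloneRejected, tamperRejected,
    wrappedKeyBytes: msg.wrappedKey.length, ciphertextBytes: msg.ciphertext.length };
}
```

The asymmetric step handles only the 32-byte session key (256 bytes once wrapped under a 2048-bit modulus), while the symmetric cipher carries the full payload.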
The "CISSP Rule of Thumb"
- Symmetric = One Key, High Speed, Bulk Data.
- Asymmetric = Two Keys, Slower, Key Management, Digital Signatures.
- ECC = Asymmetric for mobile/low-power devices.