A team must encrypt multi-gigabyte backups nightly with minimal CPU overhead. Which approach best fits?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Study for the WGU ITAS 2142 D830 Introduction to Cryptography Exam. Review flashcards and multiple choice questions with hints and explanations. Get ready for your exam!

Multiple Choice

A team must encrypt multi-gigabyte backups nightly with minimal CPU overhead. Which approach best fits?

Explanation:
To protect a multi‑gigabyte backup efficiently, you want a way to verify that the backup hasn’t been tampered with and that it came from a trusted source, without paying the heavy cost of encrypting every byte with public‑key cryptography. A digital signature achieves this by signing a compact digest (hash) of the backup data with a private key. During restore, you verify that signature with the corresponding public key. This approach keeps CPU overhead low because the expensive public‑key operation is applied to a small digest rather than the entire large dataset, while still providing strong integrity and authenticity guarantees. In contrast, encrypting the entire backup with a public‑key or with a heavy mode of operation would incur much higher CPU costs for large data. A hash-based message authentication code (HMAC) provides integrity as well but requires a shared secret and does not offer non‑repudiation. A pure encryption approach would protect confidentiality but is typically more resource-intensive for large volumes of data. In practice, you’d often combine the two: encrypt the backup with a fast symmetric cipher for confidentiality and sign the ciphertext to ensure integrity and authenticity; however, among the given options, the digital signature best fits the goal of minimizing CPU overhead while ensuring the data’s integrity and provenance.

To protect a multi‑gigabyte backup efficiently, you want a way to verify that the backup hasn’t been tampered with and that it came from a trusted source, without paying the heavy cost of encrypting every byte with public‑key cryptography. A digital signature achieves this by signing a compact digest (hash) of the backup data with a private key. During restore, you verify that signature with the corresponding public key. This approach keeps CPU overhead low because the expensive public‑key operation is applied to a small digest rather than the entire large dataset, while still providing strong integrity and authenticity guarantees.

In contrast, encrypting the entire backup with a public‑key or with a heavy mode of operation would incur much higher CPU costs for large data. A hash-based message authentication code (HMAC) provides integrity as well but requires a shared secret and does not offer non‑repudiation. A pure encryption approach would protect confidentiality but is typically more resource-intensive for large volumes of data. In practice, you’d often combine the two: encrypt the backup with a fast symmetric cipher for confidentiality and sign the ciphertext to ensure integrity and authenticity; however, among the given options, the digital signature best fits the goal of minimizing CPU overhead while ensuring the data’s integrity and provenance.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy