Chapter 3 Β· Quiz

Non-Repudiation Quiz

Multiple choice, matching, analysis, and evaluation questions.

Part A β€” Multiple Choice

Q1
What does hashing ALONE prove about a message?
βœ… Correct: C. Hashing only proves integrity β€” data hasn't changed. It does NOT identify the sender. For origin proof, you need a digital signature.
Q2
Alice wants to send Bob a digitally signed message. Which key does Alice use to CREATE the digital signature?
βœ… Correct: C β€” Alice's private key. The sender always signs with their OWN private key. Only Alice has her private key, so only she can create a valid signature that her public key can verify.
Q3
Bob receives a digitally signed email from Alice. Which key does Bob use to VERIFY the signature?
βœ… Correct: C β€” Alice's public key. The receiver verifies using the SENDER's public key. Alice's public key can decrypt the signature that was encrypted with Alice's private key.
Q4
Which mechanism provides BOTH proof of data integrity AND proof of who sent the data?
βœ… Correct: D β€” Digital signature. It contains a hash (integrity) encrypted with the sender's private key (origin). Both are verified in one operation.
Q5
What does non-repudiation prevent a sender from doing?
βœ… Correct: B. Non-repudiation means you cannot deny having performed an action. The digital signature provides mathematical proof that you sent the message.

Part B β€” Matching

Match each technique to what it proves.

TECHNIQUE

Hashing only
Digital Signature
Public Key
Private Key

PROVES

Data integrity only
Integrity + Origin
Used to verify a signature
Used to create a signature

Part C β€” Analysis

Q6 β€” Analyze
An organization emails contracts to partners. They use encryption to protect the content, but no digital signatures. A partner later disputes the terms of a contract. What security gap allowed this dispute and what would have prevented it?
βœ… Correct: B. Encryption protects confidentiality but proves nothing about message content or sender after the fact. Digital signatures would have created a verifiable, non-repudiable record of exactly what was sent and by whom.

Part D β€” Evaluation

Q7 β€” Evaluate
Should an organization rely solely on hashing for non-repudiation of financial transactions? Justify your position.
βœ… Correct: B. Hashing verifies that transaction data is unchanged, but cannot prove who initiated the transaction. An attacker could hash a forged transaction β€” the hash would be valid for that forged data. Digital signatures bind the transaction to a specific private key holder, providing the "who" component essential for financial non-repudiation.
0/7
Questions Answered Correctly