I have received a lot of feedback from candidates appearing for the CISA exam. All agreed that the stress is given more on conceptual and practical knowledge. One such question in the area of Encryption is discussed below.

Q). Which of the following must be proven to ensure message or transaction nonrepudiation?

A. The integrity of the message or transaction cannot have been compromised after it was last controlled by the party sending the message or performing the transaction.
B. The level of nonrepudiation is tightly linked to the strength of authentication of the party sending the message or performing the transaction.
C. Both A and B are true.
D. Neither A nor B is true.

Answer: C

Nonrepudiation is provided by having proof that an action occurred and proof of the identity of the party performing the action.