An organization wants to ensure that a received email genuinely came from the claimed sender and has not been altered. Which cryptographic mechanism provides both authentication and integrity?
Digital signatures use the sender's private key, providing authentication and integrity.
Why this answer
A digital signature uses the sender's private key to sign the message, and the recipient verifies it with the sender's public key. This process provides authentication (proving the sender's identity) and integrity (detecting any alteration) because any change to the message invalidates the signature. Hash functions alone provide integrity but not authentication, while PKI is the infrastructure that supports digital signatures but is not the mechanism itself.
Exam trap
Cisco often tests the distinction between a mechanism (digital signature) and the supporting infrastructure (PKI), leading candidates to mistakenly select PKI because they associate it with certificates and authentication.
How to eliminate wrong answers
Option B is wrong because a hash function provides integrity by producing a fixed-size digest, but it does not authenticate the sender; an attacker can replace both the message and its hash. Option C is wrong because PKI is a framework of policies, roles, and certificates that enables digital signatures and encryption, but it is not a cryptographic mechanism that directly provides both authentication and integrity. Option D is wrong because symmetric encryption provides confidentiality (secrecy) but does not inherently authenticate the sender or ensure integrity; an attacker with the shared key could modify the ciphertext.