Certified in Risk and Information Systems Control (CRISC) Practice Test

Using a digital envelope for secure communications provides a significant advantage as it allows messages to be encrypted without exposing the private key. This method typically involves encrypting the message with a symmetric key, which is then encrypted using the recipient's public key. By doing so, only the recipient, who possesses the corresponding private key, can decrypt the symmetric key and subsequently the original message. This process enhances security, as the private key remains confidential and is never transmitted or exposed during the communication process.

The other options have limitations or inaccuracies. For instance, while a digital envelope enhances security, it does not eliminate the need for secure passwords, as authentication processes may still require them. The idea that it guarantees messages cannot be intercepted is misleading; while digital envelopes greatly improve security, they cannot completely eliminate the possibility of interception, especially if the communication channel itself is compromised. Lastly, using a digital envelope does not necessarily reduce the size of documents significantly; the primary focus is on securing communication rather than on minimizing file sizes.