Certified in Risk and Information Systems Control (CRISC) Practice Test

A digital signature serves as a mechanism to ensure the integrity and authenticity of a message or document. When a digital signature is applied, it is created using a cryptographic algorithm that combines the content of the message with the private key of the sender. This allows the recipient to verify the signature using the sender's public key.

If a digital signature fails to verify, it typically indicates that the content of the message has been altered in some way after the signature was applied. This alteration could range from changes to the data itself to the message being tampered with during transmission. Hence, the recipient can conclude that the message cannot be trusted, as the integrity of the data has been compromised. This is why the correct answer is that the message is assumed to be altered.

This understanding is critical in risk management and information systems control, where maintaining data integrity and authenticity is paramount. The other options reflect misunderstandings about digital signatures; for instance, automatic encryption does not occur simply because verification fails, and the renewal of a digital certificate does not relate to the verification status of a signature. Confirmation of the sender's identity also does not occur when verification fails, as it is the integrity of the message that is questioned, not necessarily the identity of the sender.