2025年國際注冊(cè)信息系統(tǒng)審計(jì)師（CISA）資格考試（英文版）經(jīng)典試題及答案1.Single-ChoiceQuestions(1markeach)1.1Anorganizationhasmigrateditspayment-processingworkloadtoanInfrastructure-as-a-Service(IaaS)provider.WhichofthefollowingBESTdemonstratesthattheprovider’slogicalaccesscontrolsaredesignedeffectively?A.Theprovider’sSOC2TypeIIreportlistsnoexceptionsforlogicalaccess.B.Theprovider’spenetration-testletterconfirmsnocriticalfindings.C.Thecustomer’sownvulnerabilityscanshowsnohigh-riskfindings.D.Thecontractshiftsallsecurityresponsibilitytotheprovider.Answer:AExplanation:ASOC2TypeIIreportisissuedunderSSAE-18andcoversthedesignandoperatingeffectivenessofcontrols.Theabsenceofexceptions(“noexceptions”)isthestrongestevidencethatthecontrolsarebothdesignedandoperatingeffectively.Pen-testletters(B)andcustomerscans(C)addressonlypoint-in-timetechnicalexposures,whilecontractuallanguage(D)doesnotevidencecontrolperformance.1.2Duringapost-implementationreviewofanERPupgrade,anISauditornotesthatemergencychangeswerepromotedtoproductiononfourweekendswithoutdocumentationofthebusinessjustification.WhichfindingisMOSTmaterial?A.Emergencychangesbypassedthecode-scanningtool.B.Emergencychangeswerenotreflectedinthedisaster-recoverybaseline.C.Emergencychangeswerenotloggedinthechange-managementsystem.D.EmergencychangeswereapprovedverballybytheCIOonly.Answer:CExplanation:Ifthechangeisnotlogged,thereisnoaudittrail—meaningnoevidencethatthechangewastested,approved,orevenmade.Thisundermineseveryothercontrol.Whiletheotherchoicesrepresentweaknesses,theabsenceoflogging(C)istherootcausethatpreventsassurance.1.3Aretailchainusespoint-to-pointencryption(P2PE)betweeneachPOSterminalandthepaymentgateway.WhichofthefollowingtestsprovidestheBESTevidencethatcryptographicseparationismaintained?A.Observethateachterminalhasauniquekey-loadingcertificate.B.TraceasampletransactionandverifythatthePANisencryptedattheterminalkeypad.C.InspecttheHSMsecuritypolicytoconfirmdual-controlforkeygeneration.D.Reviewthekey-blockformattoensurethatkey-encrypting-keysaredistinctfromdata-encrypting-keys.Answer:DExplanation:P2PEassurancerestsondemonstratingthatkeysusedtoencryptcardholderdataarethemselvesprotectedbyseparatekey-encrypting-keys(KEKs)thatneverexistincleartextoutsidetheHSM.ChoiceDdirectlyvalidatescryptographicseparation.Uniquecertificates(A)andkeypadencryption(B)arenecessarybutnotsufficient;dualcontrol(C)isanoperationalcontrol,notacryptographicdesigntest.1.4AnISauditorisreviewingtheadequacyofadata-loss-prevention(DLP)solutionforamultinationalbank.WhichmetricBESTindicatesthattheDLPrulesaretunedcorrectly?A.Percentageofoutbounde-mailsquarantinedforreview.B.Ratiooftrue-positiveincidentstototalpolicyviolationsflagged.C.Numberofdata-classificationlabelsappliedperquarter.D.AveragetimetoresolveaDLPalert.Answer:BExplanation:Ahighratiooftruepositivestototalflagsshowsthattherulesareprecise(lowfalsepositives)andsensitive(hightruepositives).Quarantinevolume(A)couldreflectover-blocking;labelcounts(C)measureclassificationeffort,notDLPaccuracy;resolutiontime(D)measuresprocessefficiency,nottuningquality.1.5AcloudSaaSvendoroffersa“sharedresponsibilitymatrix”thatstatesthecustomerisresponsiblefor“identitygovernance.”WhichofthefollowingwouldBESTsubstantiatethatthecustomerismeetingthisresponsibility?A.Thecustomer’squarterlyattestationthatallprivilegedaccountsarereviewed.B.Thevendor’slogshowingthatthecustomerdisabled50accountslastmonth.C.Thecustomer’sidentity-analyticsreportthatflagsorphanaccounts>90days.D.Thevendor’sSLAreportindicating99.9%availabilityoftheidentityAPI.Answer:CExplanation:Identitygovernancerequiresevidencethatthecustomerdetectsandremediatesidentityrisks(orphan,dormant,orover-privilegedaccounts).Anidentity-analyticsreport(C)providesmeasurableevidenceofriskdetection.Attestations(A)aredeclarative;logentries(B)showactionbutnotgovernance;APIavailability(D)isanoperationalmetric.1.6Anorganizationhasimplementedazero-trustnetworkarchitecture.WhichofthefollowingprovidestheSTRONGESTevidencethatthepolicyenforcementpoint(PEP)iseffective?A.Firewallrulesareupdatedevery15minutesviaDevSecOpspipelines.B.Packetcaptureshowsthateast-westtrafficisencryptedwithTLS1.3.C.Anattemptedlateral-movementscriptisblockedbytheSDPcontrollerandlogged.D.NACensuresthatonlycorporateMACaddressesobtainDHCPaddresses.Answer:CExplanation:Zero-trustefficacyisdemonstratedwhenareal-timecontrolpreventsanactualattacktechnique.Blockinglateralmovement(C)validatesthatthePEPenforcespolicyirrespectiveofnetworklocation.Rulefreshness(A),encryption(B),andNAC(D)arecontributorybutdonotproveenforcementagainstadversarialbehavior.1.7Duringafollow-upaudit,anISauditorlearnsthatmanagementhasreplacedthetraditionalfirewallwithanext-generationfirewall(NGFW)thatincludesintrusion-preventioncapability.WhichtestBESTverifiesthattheIPSsignaturesareprotectingagainstnewthreats?A.Verifythatthevendorsubscriptionisactiveandupdateddaily.B.RunavulnerabilityscanneragainsttheDMZandconfirmthatfindingsarezero.C.ReviewthelastthreemonthsofIPSlogsforblockedCVEspublishedwithinthesameperiod.D.InspectthechangeticketthatapprovedtheIPSpolicyupdatelastweek.Answer:CExplanation:EvidencethattheIPShasblockedrecentlypublishedCVEs(C)demonstratesthatsignaturesarecurrentandeffective.Subscriptionstatus(A)isnecessarybutnotsufficient;acleanscan(B)maymeannovulnerabilitiesorthatthescannerwasincomplete;achangeticket(D)isproceduralevidenceonly.1.8Ahospital’smedical-devicenetworkissegmentedbyVLAN.WhichobservationwouldMOSTconcernanISauditorregardingtheeffectivenessofsegmentation?A.TheVLANusesRFC1918addressingthatoverlapswiththecorporateWi-Fisubnet.B.ThebiomedicalteamcanaccesstheVLANfromworkstationsthatalsohaveInternetaccess.C.TheVLANACLallowsHTTPSfromthedevicestoavendorcloudfortelemetry.D.TheVLANisnotlistedintheannualnetwork-diagramupdate.Answer:BExplanation:Dual-homedworkstations(B)createapathformalwaretobridgefromtheInternettothemedical-deviceVLAN,defeatingsegmentation.OverlappingRFC1918space(A)isaroutingissue,notnecessarilyasecurityflaw;HTTPStelemetry(C)maybelegitimate;anoutdateddiagram(D)isadocumentationweaknessbutnotanactiveexposure.1.9AnISauditorisevaluatingtheresilienceofablockchain-basedtrade-financeplatform.WhichtestBESTvalidatesthattheconsensusmechanismisresistantto51%attacks?A.Calculatethehashratedistributionacrossminingpools.B.Confirmthatsmart-contractcodeisimmutableoncedeployed.C.Verifythatnodebinariesarereproduciblefromopen-sourcerepositories.D.Reviewtheincidentlogforpastchainreorganizationslongerthansixblocks.Answer:AExplanation:A51%attackbecomespracticalwhenanadversarycontrolsthemajorityofhashrate.Measuringcurrentdistribution(A)providesdirectevidenceofcentralizationrisk.Codeimmutability(B)addressesapplicationlogic,notconsensus;reproduciblebuilds(C)supplyintegrity;reorghistory(D)isafter-the-factevidence.1.10Afinancialregulatorrequiresthatencryptionkeysforcriticalsystemsbeescrowed.WhichescrowapproachBESTpreservesnon-repudiationforcustomertransactions?A.Split-knowledgeescrowwithanotaryandthebank’slegalcounsel.B.Hardwaresecuritymodule(HSM)thatreleaseskeysonlyunderdual-controlandcourtorder.C.Third-partycloudkey-managementservicewithgranularauditlogs.D.Symmetrickeybackupstoredinasealedenvelopeinaphysicalsafe.Answer:BExplanation:Non-repudiationrequiresthatkeyreleasebedemonstrablyunderindependent,trustedcontrol.AnHSMwithdual-controlandjudicialoversight(B)providesthestrongestevidencethatkeysarereleasedonlyunderdefined,auditableconditions.Split-knowledge(A)isstrongbutmaylacktamperevidence;cloudKMS(C)maynotsatisfyregulatorcustodyrules;envelope(D)offersnocryptographicenforcement.2.Multiple-ChoiceQuestions(2markseach)2.1WhichofthefollowingarePRIMARYobjectivesofacontrolself-assessment(CSA)workshop?A.Identifycontrolgapsbeforetheexternalaudit.B.Shiftownershipofcontrolstobusinessmanagers.C.Reduceoverallauditcostsby30%.D.ProvideauditevidencethatsatisfiesSOX404.E.Createaquantitativeriskmodel.Answer:A,BExplanation:CSAisafacilitatedtechniquetoengageprocessownersinidentifyingweaknesses(A)andtoembedcontrolownershipwithinthebusiness(B).Costreduction(C)isapossiblesideeffect,notaprimaryobjective;CSAalonedoesnotsatisfySOX404evidencerequirements(D);CSAisqualitative,notquantitative(E).2.2AcompanyusesaDevOpspipelinethatautomaticallypromotescodefromcommittoproductionwithin45minutes.Whichcontrolsmitigatetheriskofintroducingmaliciouscode?A.Mandatorypeerreviewbeforemerge.B.Staticapplication-securitytesting(SAST)gatedinthepipeline.C.Segregationofdutiesbetweendeveloperandreleaseengineer.D.Dynamictestinginastagingenvironmentthatmirrorsproduction.E.Cryptographicsigningofcontainerimagesbythesecurityteam.Answer:A,B,D,EExplanation:Inhigh-velocitypipelines,peerreview(A),SAST(B),dynamictesting(D),andimagesigning(E)providelayeredassurance.Traditionalsegregationofduties(C)isoftenimpracticalinpureDevOpsandisreplacedbytoolingandaudittrails.2.3AnISauditorisreviewingthesecurityofanorganization’sroboticprocessautomation(RPA)botsthathandlepayrolldata.WhichrisksareUNIQUEtoRPAcomparedwithlegacybatchscripts?A.Botsmaystorecredentialsininsecurecredentialvaults.B.Botscanamplifyfraudbyexecutingthousandsoftransactionsperminute.C.BotsmaybreakwhenUIelementsofunderlyingapplicationschange.D.Botsmaylackadequateloggingbecausetheyruninattendedmode.E.BotsmaybedevelopedbybusinessuserswithoutIToversight.Answer:B,C,EExplanation:Speed(B),UIfragility(C),andcitizendevelopment(E)areRPA-specific.Credentialvaults(A)andlogginggaps(D)alsoexistinlegacyscriptsbutarenotunique.2.4AmultinationalhasadoptedNISTSP800-53asitscontrolframework.WhichtasksMUSTbeperformedwhenanewprivacylawbecomeseffectiveinajurisdictionwherethecompanyoperates?A.Mapnewlegalarticlestoexistingcontrols.B.Conductaprivacy-impactassessment(PIA).C.Updatethecontroloverlayintheenterpriseriskregister.D.Re-certifyallthird-partysuppliersagainstISO27701.E.Reclassifyalldatastoresthatcontainpersonaldata.Answer:A,B,CExplanation:Mapping(A),PIA(B),andoverlayupdates(C)arerequiredtointegratenewlegalrequirementsintotheNISTlifecycle.ISO27701certification(D)isvoluntary;reclassification(E)isdoneonlyifthelawintroducesnewcategories.2.5WhichofthefollowingprovideOBJECTIVEevidencethatasecurity-operationscenter(SOC)ismeetingitsservice-levelagreement(SLA)of15minutes“timetotriage”?A.SIEMtimestampsofalertcreationandanalystacknowledgement.B.MonthlyKPIdashboardsignedbytheSOCmanager.C.Ticketing-systemaudittrailshowingalertqueueduration.D.Randomsampleoffivealertsreviewedbytheinternalauditteam.E.Pen-testreportshowingmean-time-to-detectof10minutes.Answer:A,CExplanation:Timestamps(A)andticketingaudittrails(C)aresystem-generatedandthereforeobjective.Dashboards(B)canbemanuallyadjusted;asample(D)isevidencebutnotcontinuous;pen-testMTTD(E)measuresdetection,nottriage.3.Scenario-BasedQuestions(5markseach)Scenario3.1Aregionalbankhasoutsourceditsmortgage-loanoriginationsystem(LOS)toaSaaSprovider.Thecontractincludesaright-to-auditclause.Duringthe2025audit,theISauditorobtainstheprovider’slatestSOC2TypeIIreport,whichcoverstheperiod1Oct2024–31Mar2025.Thereportliststwoexceptions:1.Background-checkpolicyfornewhiresnotconsistentlyappliedacrosstwooffivegeographicregions.2.Multi-factorauthentication(MFA)wasdisabledfor18hourson3Feb2025for7%ofsystemadministratorsduetoamisconfiguredconditional-accessrule.Thebank’sinternalriskassessmentratestheLOSasa“high-risk”systembecauseitstoresborrowertaxreturns,creditreports,andpropertyappraisals.Thebank’sdata-classificationpolicylabelsthesedatacategoriesas“restricted.”Required:a.IdentifythreeadditionalprocedurestheISauditorshouldperformbeforerelyingontheSOC2report.b.Evaluatewhetherthetwoexceptionsarematerialtothebank’scompliancewithGLBASafeguardsRule.c.Recommendtwocompensatingcontrolsthebankcouldimplementifitacceptstheexceptions.Answer:a.Additionalprocedures1.Validateuserentitycontrols:Confirmthatthebankperformsitsownreviewsofuseraccesslistsandmonitorsprivilegedactivity,becauseSOC2coversonlytheserviceorganization.2.Complementarysubserviceorganizations:Determinewhetheranysubprocessors(e.g.,e-signatureorcredit-bureauinterfaces)areexcludedfromtheSOC2boundaryand,ifso,obtainassurance.3.Bridgeletter:Obtainaletterfromtheprovidercovering1Apr2025tothecurrentdate,becausetheSOC2periodends31Mar2025andtheauditisconductedinMay2025.b.MaterialityevaluationGLBASafeguardsRule(16CFR314)requiresfinancialinstitutionstoensurethatserviceprovidersimplementappropriatesafeguards.Exception1(backgroundchecks)islessmaterialbecauseaccessrevocationanddetectivecontrols(e.g.,SIEM)maymitigateinsiderrisk.Exception2(MFAdisabled)ismaterialbecauseitallowedprivilegedaccesswithoutstrongauthentication,directlyincreasingthelikelihoodofunauthorizedaccesstorestrictedcustomerdata.c.Compensatingcontrols1.ImplementaquarterlymanualreviewofSaaSadminlogs,performedbythebank’ssecurityteam,withanomaliesescalatedwithin24hours.2.RequiretheSaaSprovidertosubmittoanannualISO27001certificationwithnomajornonconformitiesinaccesscontrol,effectivelyraisingtheattestationbaraboveSOC2.Scenario3.2AcitygovernmentdeployedanInternet-of-Things(IoT)meshnetworktomanage12,000streetlights.EachlightcontainsaRaspberryPi-basedcontrollerthatconnectsvia6LoWPANtoaborderrouter.ThefirmwareupdateprocessusesunencryptedCoAP(ConstrainedApplicationProtocol)multicast.Anattackerwithin100meterscansendaforgedupdatecommandthatcausesthelamptoblinkSOSinMorsecode,creatingpublicpanic.TheISauditorisaskedtoevaluatethesecurityofthefirmware-updatemechanism.Required:a.Identifytwocontroldeficiencies.b.Describetwopracticalcontrolsthatmitigatetheriskwithoutchangingthehardware.c.Provideonetestproceduretoverifythatthenewcontrolsareeffective.Answer:a.Controldeficiencies1.Lackofcryptographicauthenticationoffirmwareimages,allowinganynodetoacceptmaliciouscode.2.Useofunencryptedmulticast,enablingpacketinterceptionandreplay.b.Practicalcontrols1.ImplementfirmwaresigningusingECDSAwitha256-bitkeystoredintheborderrouter;devicesrejectupdateslackingavalidsignature.2.Addatime-basedone-timepassword(TOTP)nonceineachupdatepacket,synchronizedthroughtheborderrouter’ssecureNTP,preventingreplay.c.TestprocedureCapturetrafficduringascheduledupdatewindowusingasoftware-defined-radio(SDR)sniffer.AttempttoinjectapreviouslycapturedupdatepacketwithanexpiredTOTP.Verifythatthelampignoresthepacketandlogsanauthentication-failureeventretrievableviathecity’scentralmanagementconsole.4.CaseStudy(10marks)Case:2025RansomwareResilienceReviewat“GlobalTech”GlobalTechmanufacturessensorsin14countries.On2Jan2025,itsKoreanplantsufferedaHiveransomwarevariantthatencrypted400Windows-basedOTworkstations.Theincidentspreadfromanengineer’slaptopviaSMBoverflatLayer-2networksegmentation.Theplantwasofflinefor72hours,causinga$38millionrevenueloss.YouaretheleadISauditor.Managementhasimplementedthefollowingpost-incidentimprovements:-DeployedEDRon100%ofOTworkstations.-SegregatedtheOTnetworkintofiveVLANswithPaloAltofirewalls.-ImplementedVeeamimmutablebackupswithsnapshotseverysixhours.-Conductedared-teamexercisethatobtaineddomain-adminprivilegesin4hours.Yourtask:1.Identifythreeresidualhighrisks.2.Foreachrisk,designonesubstantivetest.3.Recommendonekeyperformanceindicator(KPI)thattheboardshouldmonitorquarterly.Answer:1.Residualhighrisksa.ActiveDirectory(AD)privilegeescalationpathstillexists;red-teamcompromisein4hoursindicatesADtieringanddelegationflaws.b.OTVLANsallowRDPfromthecorporateITnetworkfor“remotesupport,”creatingabridgeformalware.c.Backuprestorationhasneverbeentestedatfullscale;immutablesnapshotsdonotguaranteerecoverabilitywithinthe12-hourRTOrequiredbythedisaster-recoveryplan.2.Substantivetestsa.ExtractADreplicationmetadataforthelast30daysandidentifyaccountswith“DCSync”rights;verifythateachisapproved,monitored,andprotectedbyMFA.b.Performafirewallrulereviewandpacketwalk:fromacorporatejumphost,attemptRDPtoarandomOTworkstation;ifsuccessful,maptheruleanddeterminebusinessjustification.c.Scheduleasurpriserestorationdrill:restorethelargest50TBfileserverfrombackupstoanisolatednetwork,measureRPOachieved(shouldbe≤6hours)andRTO(shouldbe≤12hours).3.Board-levelKPI“PercentageofcriticalOTsystemsforwhichafullrestorationfromimmutablebackupswassuccessfullydemonstratedwithintheRTOduringthequarter.”Target:100%.5.Short-AnswerQuestions(3markseach)5.1Explainwhy“right-sizing”virtualmachinesinapubliccloudcanimprovesecurityposture.Answer:Over-provisionedVMsoftenrununnecessaryservicesandopenportsthatexpandtheattacksurface.Right-sizingforcesareviewofactualresourceneeds,allowinghardeningbaselinesthatdisableunuseddaemonsandreduceoutboundInternetaccess,therebyshrinkingtheblastradiusofcompromise.5.2Distinguishbetween“securitygovernance”and“securitymanagement”inthecontextofCOBIT2019.Answer:Governanceensuresthatstakeholderneedsareevaluatedanddirectionissetthroughprioritizationanddecision-making(Evaluate,Direct,Monitor).Managementplans,builds,runs,andmonitorscapabilitiestoachievethegovernance-setdirection(Plan,Build,Run,Monitor).Inshort,governanceasks“arewedoingtherightthings?”whereasmanagementasks“arewedoingthingsright?”5.3Statetworeasonswhyblockchainsmart-contractimmutabilitycanbeacontrolweaknessratherthanastrength.Answer:1.Codebugscannotbepatchedwithoutdeployinganewcontract,leavingexploitedvulnerabilitiesopenindefinitely.2.Legalorregulatorychangescannotbereflectedincontractlogic,potentiallycausingnon-complianceafterthefact.5.4Acompany’svulnerability-managementpolicyrequiresthatall“critical”CVEsbepatchedwithin14days.TheCIOarguesthatCVE-2025-9999,thoughratedcriticalbythevendor,hasnoexploitcodepubliclyavailable.Provideoneauditresponsethatupholdsthepolicywithoutcreatingbusinessdisruption.Answer:Requestaformalrisk-acceptancedocumentsignedbytheCIOthatdetailscompensatingcontrols(e.g.,virtualpatchingviaWAF,IPSsignature)andatimelineforpermanentremediationwithinthe14-daywindow,therebymaintainingpolicycompliancewhileacknowledgingexploitabilityanalysis.5.5IdentifyoneprivacyprincipleunderGDPRthatisNOTexplicitlylistedunderOECDGuidelines1980,andjustifyitsinclusioninmodernframeworks.Answer:Therighttoerasure(“righttobeforgotten”)iscodifiedinGDPRArticle17butabsentfromOECD1980.Itsinclusionaddressesthepermanenceofdigitaldataandthepowerimbalancebetweendatasubjectsandpowerfuldataaggregators,reflectingmodernsocietalvaluesonautonomy.6.Drag-and-Match(2markseach)Matcheachloganomaly(left)totheMITREATT&CKtechniqueitBESTindicates(right).Writetheletterinthebracket.6.1svchost.exespawnspowershell.exewithencodedcommand“-encUgBlAGcAcwB0AGUAcgAt…”→()6.2Authenticationlogsshow200logonfailuresfollowedbyasuccessforuser“svc_backup”fromIP5→()6.3WindowsEventID4670:permissionsonC:\Windows\System32\winevt\Logschangedbynon-adminaccount→()6.4OutboundHTTPStrafficto00withJA3fingerprintmismatchforChromebutUser-AgentclaimsChrome→()6.5RegistrykeyHKLM\Software\Microsoft\Windows\CurrentVersion\Runupdatedtoinclude“C:\Temp\sv.exe”→()A.BruteForce(T1110)B.IndicatorRemovalonHost(T1070)C.PowerShell(T1059.001)D.CommandandControl(T1071.001)E.BootorLogonAutostartExecution(T1547.001)Answers:6.1→C6.2→A6.3→B6.4→D6.5→E7.CalculationQuestion(4marks)7.1Acredit-cardprocessorstores6millioncardholderrecords.Theannualizedrateofexposure(ARO)foraweb-applicationbreachis0.8.Thesinglelossexpectancy(SLE)hasbeencalculatedat$4.2million.Managementisconsideringaweb-applicationfirewall(WAF)thatreducestheAROto0.2andcosts$220,000peryear.Calculatetheannualizedlossexpectancy(ALE)beforeandaftertheWAF,anddeterminetheROIoftheWAFinvestmentwithinoneyear.Solution:ALE_before=ARO×SLE=0.8×$4.2M=$3.36MALE_after=0.2×$4.2M=$0.84MRiskreduction=$3.36M–$0.84M=$2.52MROI=(Riskreduction–Cost)/Cost=($2.52M–$0.22M)/$0.22M=1045%Conclusion:TheWAFpaysforitselfmorethantentimesinthefirstyear.8.EmergingTechnologyQuestion(5marks)8.1Quantum-computingadvancesthreatenthe2048-bitRSAkeysusedbyGlobalTech’senterprisecertificateauthority(CA).TheCAissuescertificatesfor3-yearlifetimes.NISTpredictsthatcryptographicallyrelevantquantumcomputers(CRQCs)willemergeby2032.Required:a.Estimatethemaximumremaininglifetimeforwhichnew2048-bitRSAcertificatescanbeissuedtodaywithoutquantumexposure.b.Identifyonepost-quantumalgorithmselectedbyNISTin2022forkeyencapsulation.c.ProvideoneauditproceduretoverifythattheCA’skey-inventorydatabaseisreadyforcrypto-agility.Answer:a.2032–2025=7years,butcertificatesissuedtodaymaystillbevalidin2028–2031.Toavoidquantumrisk,maximumsafelifetime=2032–2025–1(safetymargin)=6years.Therefore,certificatesissuedafter2026shouldalreadybepost-quantum.b.CRYSTALS-KYBE