Industry-tested and accepted standards include AES (128 bits and higher), RSA (2048 bits and higher), ECC (224 bits and higher). Which option best reflects this statement?

• A. They exclude RSA from acceptable algorithms.
• B. They only apply to symmetric encryption.
• C. They include AES (128 bits and higher), RSA (2048 bits and higher), ECC (224 bits and higher).
• D. They require only hash functions.

Answer: (C)

Industry standards recognize a mix of symmetric and asymmetric algorithms with defined minimum key sizes. The statement that AES (128 bits and higher), RSA (2048 bits and higher), and ECC (224 bits and higher) are industry-tested reflects this reality. AES provides strong symmetric encryption; 128-bit keys are secure for most purposes and higher keys increase strength. RSA at 2048 bits has long been the baseline for public-key cryptography in many frameworks, and ECC with 224-bit keys offers comparable security with much shorter keys, making it efficient while still robust. Together, these reflect the common set of algorithms and minimum sizes accepted in security guidelines like PCI DSS. The other options don’t fit because excluding RSA omits a widely used public-key scheme; saying it applies only to symmetric encryption ignores the asymmetric algorithms; and requiring only hash functions misses the encryption algorithms entirely.