[Cisspstudy] Databases and cryptography
Mike Archuleta
mlarchuleta at gmail.com
Sat Sep 19 19:51:30 EDT 2009
Oh yeah!!! The test really quizes you on subject matter. Even though
I passed on the first try I wasn't entirely happy with the experience.
Sent from my iPhone
On Sep 19, 2009, at 5:41 PM, Andrea Gatta <andrea.gatta at gmail.com>
wrote:
> So I guess I should actually watch out for these sort of questions
> in the real exam...
>
> Andrea
>
> On Sun, Sep 20, 2009 at 12:28 AM, Mike Archuleta <mlarchuleta at gmail.com
> > wrote:
> I remember this question. It is the most correct answer based on
> wording. After realizing that answer included placed with autorized
> users.
>
> I think I argued with myself for five minutes. Who places a
> database near authorized users? I put a database in the data center
> with aal my servers and backup systems.
>
> Sent from my iPhone
>
> On Sep 19, 2009, at 5:19 PM, Andrea Gatta <andrea.gatta at gmail.com>
> wrote:
>
>> Well, same here.
>>
>> Unfortunately the question is from the official ISC2 guide, page
>> 747 ;-)
>>
>> Point is, any chance they got it wrong ?
>>
>> Andrea
>>
>> On Sun, Sep 20, 2009 at 12:15 AM, Mike Archuleta <mlarchuleta at gmail.com
>> > wrote:
>> I would think niether improve or reduce availability. I don't
>> think if crypto as an availability feature.
>>
>> Sent from my iPhone
>>
>>
>> On Sep 19, 2009, at 5:06 PM, Andrea Gatta <andrea.gatta at gmail.com>
>> wrote:
>>
>> Hi there,
>> I am wondering if anyone could shed a light on the following
>> question (and answer):
>>
>> In terms of databases, cryptography can:
>>
>> - only restrict and reduce availability
>>
>> - improve availability by allowing data to be easily placed where
>> authorized users can access it
>>
>> - improve availability by increasing the granularity of the access
>> controls
>>
>> - neither reduce or improve availability
>>
>>
>> As far as the author of the question is concerned the correct
>> answer is: "improve availability by allowing data to be easily
>> placed where authorized users can access it"
>>
>> The only reason I can think of for the answer to have a sense is
>> that cryptography protects a resource from unauthorized users
>> access through the mean of concealing its content.
>>
>> With a very long shot one could say that the resource would be
>> "available" just to authorizaed users. Which means that this
>> question uses "availability" in a very extensive - and I would add
>> divious - way.
>>
>> As far as I am concerned encryption does provide confidentiality
>> and integrity as natural security services.
>>
>> Thoughts ?
>>
>> Thanks
>> Andrea
>> _______________________________________________
>> cisspstudy mailing list
>> cisspstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>> _______________________________________________
>> cisspstudy mailing list
>> cisspstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>> _______________________________________________
>> cisspstudy mailing list
>> cisspstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090919/449aae5a/attachment.html>
More information about the cisspstudy
mailing list