[CCCure CISSP] CISSPstudy Digest, Vol 20, Issue 1
Clement Dupuis
clement.dupuis at gmail.com
Wed Feb 10 19:16:57 EST 2010
The new Shon Harris CISSP AIO versus the old one.
Take care
Clement
Clément Dupuis, CD
CISSP, GCFW, GCIA, Security+, Q/EH, Q/SA, Q/PTL, CEH, ECSA, CCSA, MBNS,
MBIS, MBHS, CCSE, ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>> Call me to get the best CISSP training <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business: 407 479 3903
Fax: 407 264 8396
Cell: 407 433 6444
Maintainer of :
The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org
The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org
Knowledge sharing and giving back to the community
On Wed, Feb 10, 2010 at 19:09, gerritsjs <gerritsjs at gmail.com> wrote:
> What are we talking about?
>
> -----Original Message-----
> From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org]
> On Behalf Of twitwicki at hannaford.com
> Sent: Wednesday, February 10, 2010 11:23 AM
> To: cisspstudy at cccure.org
> Subject: Re: [CCCure CISSP] CISSPstudy Digest, Vol 20, Issue 1
>
>
>
> Shibin,
> I have both versions. There is a new and useful glossary in V5 and a
> new appendix describing an emerging vulnerability standard which doesn't
> seem like it would be included in the exam. Other than these two, I wasn't
> able to easily see what had been added or enhanced which might be reflected
> on the exam. I did look at the Common Criteria (EAL1-7) in detail because
> it seems like there is increasing adoption of this over the TCSEC Oragne
> Book, but I couldn't see any difference in the treatment.
>
> Tom Witwicki, CIPP
> Director, Information Security
> Hannaford Bros. Co.
> 207-885-2073
>
> Join me on Linkedin!
> http://www.linkedin.com/in/tomwitwicki
>
>
>
>
>
>
>
> cisspstudy-reques
> t at cccure.org
> Sent by: To
> cisspstudy-bounce cisspstudy at cccure.org
> s at cccure.org cc
>
> Subject
> 02/10/2010 01:00 CISSPstudy Digest, Vol 20, Issue 1
> PM
>
>
> Please respond to
> cisspstudy at cccure
> .org
>
>
>
>
>
>
> Send CISSPstudy mailing list submissions to
> cisspstudy at cccure.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> or, via email, send a message with subject or body 'help' to
> cisspstudy-request at cccure.org
>
> You can reach the person managing the list at
> cisspstudy-owner at cccure.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of CISSPstudy digest..."
>
>
> Today's Topics:
>
> 1. Re: cisspstudy Digest, Vol 19, Issue 23 (Shibin Thomas)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 10 Feb 2010 22:00:17 +0400
> From: Shibin Thomas <shibinthomas at gmail.com>
> To: cisspstudy at cccure.org
> Subject: Re: [CCCure CISSP] cisspstudy Digest, Vol 19, Issue 23
> Message-ID:
> <4c1695c81002101000t58d5052s2d2c9ae25238b0a7 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi All,
>
> Is there any change the topics because of new release of books.
>
> Regards
>
>
> Shibin
>
> On Thu, Jan 21, 2010 at 9:00 PM, <cisspstudy-request at cccure.org> wrote:
>
> > Send cisspstudy mailing list submissions to
> > cisspstudy at cccure.org
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> > or, via email, send a message with subject or body 'help' to
> > cisspstudy-request at cccure.org
> >
> > You can reach the person managing the list at
> > cisspstudy-owner at cccure.org
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of cisspstudy digest..."
> >
> >
> > Today's Topics:
> >
> > 1. Re: cisspstudy Digest, Vol 19, Issue 18 (Holland, Brandon)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Wed, 20 Jan 2010 14:06:11 -0600
> > From: "Holland, Brandon" <hollandb at frmaint.com>
> > To: "The CISSP Study Mailing list" <cisspstudy at cccure.org>
> > Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 18
> > Message-ID:
> > <58B3233454132D468C5F0D655003DA6410F891EA at MAIL.frmaint.com>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > That's what stinks about a lot of these questions... because you can
> > understand everything there is to know about the keys and types of keys
> > and still can miss it because you didn't know how the question author
> > wanted you to interpret the question... but this is great is at least
> > whether or not u get this question wrong, it will help to concrete the
> > underlying concepts in your head (the actual important thing, much
> > better than getting a question right on a test)
> >
> > Saying all this, I think this is a little over-blown... over
> > analyzed... I think the author put "fully" not for you to ensure you
> > count the same key each time it's used, but to make sure you really know
> > asymmetric and don't use the symmetric key formula on it instead... you
> > only need 20 keys in total to fully communicate to every person, no
> > matter how many times those keys are used. Also, it says how many keys
> > are 'required' not how many times they are 'used'
> >
> >
> >
> > -----Original Message-----
> > From: cisspstudy-bounces at cccure.org
> > [mailto:cisspstudy-bounces at cccure.org] On Behalf Of gerritsjs
> > Sent: Wednesday, January 20, 2010 12:07 PM
> > To: 'The CISSP Study Mailing list'
> > Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 18
> >
> > Tom;
> >
> > Let us put it in perspective. Let us assume that you have made two
> > keys
> > to your house (i.e one public key and one private key).... that is two.
> > You
> > plan to take a vacation for nine/ten days. You have asked 9 friends of
> > yours
> > to watch the house, while you are away. You have given your public key
> > to a
> > trusted entity (i.e., your aunt/uncle) and told her that you have
> > identified
> > 9 friends to watch your house while you are away and that she is to
> > provide
> > your friends with the public key to your house.
> >
> > To use the asymmetric logic, the trusted entity must not duplicate the
> > key
> > and that the "trusted" person who is responsible for watching the house
> > returns the key to the trusted entity upon completion of his/her watch,
> > so
> > that the next "trusted" person can obtain the key and watch the house
> > for
> > you. Using this logic, I agree that the number of keys is still 2.
> >
> > When reading the question, it appears that each of your 9 friends has
> > the
> > key to your house (even though they are duplicates), while you are away.
> > And that, let us say, your condo is in New York and that your friends
> > are
> > scattered throughout the United States, and you entrusted them with your
> > condo of $2 Million in New York. That is, your friends are in Chicago,
> > Washington D.C., Ann Arbor, Dallas, Miami, etc. The trusted entity is
> > in
> > Los Angeles. Question: Is the asymmetric logic still applicable?
> >
> > jonus
> >
> >
> > -----Original Message-----
> > From: cisspstudy-bounces at cccure.org
> > [mailto:cisspstudy-bounces at cccure.org]
> > On Behalf Of twitwicki at hannaford.com
> > Sent: Wednesday, January 20, 2010 6:20 AM
> > To: cisspstudy at cccure.org
> > Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 18
> >
> >
> >
> > Janus,
> >
> > Thank you for adding your explanation of the question. I can see the
> > logic
> > and your formula makes it easy to understand, but should the public keys
> > be
> > counted as separate for each participant? Aren't they really just the
> > same
> > public key used by the 10 participants? The fact that Asymmetric
> > encryption is described as more scalable than symmetric also points to
> > this. If the were a symmetric case, the keys needed would be 45 .
> > There
> > is a also an example in the ISC2 guide which supports the approach which
> > leads to the answer of 20.
> >
> > Tom Witwicki, CIPP
> > Director, Information Security
> > Hannaford Bros. Co.
> > 207-885-2073
> >
> > Join me on Linkedin!
> > http://www.linkedin.com/in/tomwitwicki
> >
> >
> >
> >
> >
> >
> >
> >
> > cisspstudy-reques
> >
> > t at cccure.org
> >
> > Sent by:
> > To
> > cisspstudy-bounce cisspstudy at cccure.org
> >
> > s at cccure.org
> > cc
> >
> >
> >
> > Subject
> > 01/19/2010 05:53 cisspstudy Digest, Vol 19, Issue
> > 18
> > PM
> >
> >
> >
> >
> >
> > Please respond to
> >
> > cisspstudy at cccure
> >
> > .org
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Send cisspstudy mailing list submissions to
> > cisspstudy at cccure.org
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> > or, via email, send a message with subject or body 'help' to
> > cisspstudy-request at cccure.org
> >
> > You can reach the person managing the list at
> > cisspstudy-owner at cccure.org
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of cisspstudy digest..."
> >
> >
> > Today's Topics:
> >
> > 1. Re: cisspstudy Digest, Vol 19, Issue 16 (gerritsjs)
> > 2. Re: cisspstudy Digest, Vol 19, Issue 16 (Saurabh Bhargava)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Tue, 19 Jan 2010 14:02:56 -0800
> > From: "gerritsjs" <gerritsjs at gmail.com>
> > To: "'The CISSP Study Mailing list'" <cisspstudy at cccure.org>,
> > "'Nimal
> > Gunarathna'" <ng949 at yahoo.com>
> > Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
> > Message-ID: <4b562c14.0c07560a.29a4.ffffa51a at mx.google.com>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > Nimal, Tom;
> >
> > The question is "fully" communicated. Within a community of 10 users,
> > each user will have one private key. So we have 10 private keys.
> > Public
> > keys are as follows:
> > For each user, there are 10 public keys. 10 users imply 100 public
> > keys.
> > This makes a total of 110 keys.
> >
> > Think of a Mesh Technology.
> >
> > Jonus
> >
> > -----Original Message-----
> > From: cisspstudy-bounces at cccure.org
> > [mailto:cisspstudy-bounces at cccure.org]
> > On Behalf Of twitwicki at hannaford.com
> > Sent: Tuesday, January 19, 2010 1:23 PM
> > To: Nimal Gunarathna
> > Cc: cisspstudy at cccure.org
> > Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
> >
> >
> >
> > Hi Nimal,
> > I followed the same logic as you on this question. In order to
> > get
> > to the 110 answer each public key would have to be counted each time
> > it's
> > used which doesn't make sense. I've come across other examples from
> > this
> > book that are very questionable, which leads me to believe that the
> > questions and answers have not been thouroughly vetted. Thank you for
> > the
> > reply.
> >
> > Tom Witwicki, CIPP
> > Director, Information Security
> > Hannaford Bros. Co.
> > 207-885-2073
> >
> > Join me on Linkedin!
> > http://www.linkedin.com/in/tomwitwicki
> >
> >
> >
> >
> >
> >
> >
> > Nimal Gunarathna
> > <ng949 at yahoo.com>
> >
> > To
> > 01/19/2010 04:07 cisspstudy at cccure.org
> > PM
> > cc
> > twitwicki at hannaford.com
> >
> > Subject
> > Re: cisspstudy Digest, Vol 19,
> > Issue 16
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Hi Tom,
> >
> >
> > This question puzzles me..
> >
> > In an asymmetric system how many keys are required for 10 users to
> > fully
> >
> > communicate?
> >
> >
> > Every user has a one private and a one public key. I can send my same
> >
> > public
> >
> > key to all others. For 10 people, 20 keys are needed.. I am not sure
> > how
> >
> > 110 come from?
> >
> > Is this a private com session or just a different comm session with
> > each
> >
> > pair?
> >
> >
> > Thanks,
> >
> >
> > Nimal Gunarathna
> >
> >
> >
> >
> > --- On Tue, 1/19/10, cisspstudy-request at cccure.org
> >
> > <cisspstudy-request at cccure.org> wrote:
> >
> >
> > From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
> >
> > Subject: cisspstudy Digest, Vol 19, Issue 16
> >
> > To: cisspstudy at cccure.org
> >
> > Date: Tuesday, January 19, 2010, 11:00 AM
> >
> >
> > Send cisspstudy mailing list submissions to
> >
> > cisspstudy at cccure.org
> >
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> > or, via email, send a message with subject or body 'help' to
> >
> > cisspstudy-request at cccure.org
> >
> >
> > You can reach the person managing the list at
> >
> > cisspstudy-owner at cccure.org
> >
> >
> > When replying, please edit your Subject line so it is more specific
> >
> > than "Re: Contents of cisspstudy digest..."
> >
> >
> >
> > Today's Topics:
> >
> >
> > 1. cisspstudy - Cryptography questions (twitwicki at hannaford.com)
> >
> > 2. Re: New to CISSP Cert (Mark Price)
> >
> > 3. Re: New to CISSP Cert (jack wang)
> >
> > 4. Re: New to CISSP Cert (Jeronimo Zucco)
> >
> >
> >
> > ----------------------------------------------------------------------
> >
> >
> > Message: 1
> >
> > Date: Mon, 18 Jan 2010 14:48:26 -0500
> >
> > From: twitwicki at hannaford.com
> >
> > To: cisspstudy at cccure.org
> >
> > Subject: [Cisspstudy] cisspstudy - Cryptography questions
> >
> > Message-ID:
> >
> > <
> >
> >
> > OF8F407D94.BBDB76DE-ON852576AF.006B4314-852576AF.006CCD97 at hannaford.com>
> >
> >
> > Content-Type: text/plain; charset=US-ASCII
> >
> >
> >
> >
> > Hello all,
> >
> > I'd like your thoughts on these questions from Michael Gregg's
> >
> > CISSP
> >
> > Practice questions:
> >
> >
> > In an asymmetric system how many keys are required for 10 users to
> > fully
> >
> > communicate?
> >
> >
> > A. 10
> >
> > B. 20
> >
> > C. 45
> >
> > D 110
> >
> >
> > The answer states D. 110 - "Each user would have his private, phus
> > his
> >
> > public key, plus each of the nine other public keys"
> >
> > Shouldn't the answer be B. 20 because the public keys is only couned
> >
> > once
> >
> > for each private/public pair? This also seems consistent with the
> >
> > formula
> >
> > for symmetric keys: N(N-1)/2 where N is the number of users needing to
> >
> > communicate. In this case the secret key is only counted once even if
> >
> > it's
> >
> > shared between users.
> >
> >
> >
> > Here's another question that has me puzzled:
> >
> >
> > Which cryptographic system can be used for integrity, authenticity and
> >
> > non-repudiation?
> >
> >
> > A. Asymmetric encryption
> >
> > B. Symmetric encryption
> >
> > C. Hashing
> >
> > D. None of the above
> >
> >
> > The answers states A. Asymmetric. Shouldn't the answer be D. None of
> > the
> >
> > above because Hashing is needed for integrity?
> >
> >
> > Your thoughts will be much appreciated.
> >
> >
> >
> > Tom Witwicki, CIPP
> >
> > Director, Information Security
> >
> > Hannaford Bros. Co.
> >
> > 207-885-2073
> >
> >
> > Join me on Linkedin!
> >
> > http://www.linkedin.com/in/tomwitwicki
> >
> >
> >
> >
> >
> >
> >
> >
> > ------------------------------
> >
> >
> > Message: 2
> >
> > Date: Mon, 18 Jan 2010 21:47:45 +0000
> >
> > From: "Mark Price" <prinext at gmail.com>
> >
> > To: "The CISSP Study Mailing list" <cisspstudy at cccure.org>
> >
> > Subject: Re: [Cisspstudy] New to CISSP Cert
> >
> > Message-ID:
> >
> > <
> >
> >
> > 1180962559-1263851266-cardhu_decombobulator_blackberry.rim.net-147941822
> > -
> >
> > @bda153.bisx.prod.on.blackberry>
> >
> >
> > Content-Type: text/plain
> >
> >
> > I have heard each edition is an update of the previous plus more of
> > the
> >
> > latest technology and or standards.
> >
> > I have the 4th and the DVD set, they plus cccure.org worked for me.
> >
> > V/r,
> >
> >
> > Mark Price
> >
> > PRINEXT
> >
> > c:240-743-7654
> >
> > mprice at prinext.com
> >
> > www.prinext.com
> >
> >
> > -----Original Message-----
> >
> > From: Cert Prep <bugtraq.mailbox at gmail.com>
> >
> > Date: Mon, 18 Jan 2010 13:22:40
> >
> > To: The CISSP Study Mailing list<cisspstudy at cccure.org>
> >
> > Subject: Re: [Cisspstudy] New to CISSP Cert
> >
> >
> > Thanks Jeronimo. I will listen to it.
> >
> >
> > I have Shon Harris Second Edition which I bought many years back. I
> >
> > have heard that 5th edition is about to come. Is it ok to prepare from
> >
> > second edition until 5th edition is out? Does anybody know the
> >
> > differences between 2nd and 4th? I am sure there will be many but are
> >
> > those drastic to the extent that I will have to revise the stuff,
> >
> > which I have already gone through using second edition, from 5th
> >
> > edition once it is published?
> >
> >
> > Any help would be appreciated.
> >
> >
> > Thanks.
> >
> > Adam
> >
> >
> > On Mon, Jan 18, 2010 at 12:51 PM, Jeronimo Zucco <jczucco at gmail.com>
> >
> > wrote:
> >
> > > 2010/1/18 Cert Prep <bugtraq.mailbox at gmail.com>:
> >
> > >> Hi Folks,
> >
> > >>
> >
> > >> I am planning to prepare for CISSP Cert and would like to know
> > which
> >
> > >> book or material is best for the preparations.
> >
> > >
> >
> > >
> >
> > > http://www.cccure.org/flash/intro/player.html
> >
> > >
> >
> > >
> >
> > >
> >
> > > --
> >
> > > Jeronimo Zucco
> >
> > > http://jczucco.blogspot.com
> >
> > >
> >
> > > _______________________________________________
> >
> > > cisspstudy mailing list
> >
> > > cisspstudy at cccure.org
> >
> > > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> > >
> >
> >
> > _______________________________________________
> >
> > cisspstudy mailing list
> >
> > cisspstudy at cccure.org
> >
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> > ------------------------------
> >
> >
> > Message: 3
> >
> > Date: Tue, 19 Jan 2010 20:05:00 +0800
> >
> > From: jack wang <windjie at gmail.com>
> >
> > To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> >
> > Subject: Re: [Cisspstudy] New to CISSP Cert
> >
> > Message-ID:
> >
> > <3c43566f1001190405t2bfd204as4a953dd160a5b92b at mail.gmail.com>
> >
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> >
> > Shon Harris Second Edition,plus www.cccure.org,they are enough
> >
> > -------------- next part --------------
> >
> > An HTML attachment was scrubbed...
> >
> > URL: <
> >
> >
> > http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100119/0
> > d
> >
> > 0b7b8f/attachment-0001.html>
> >
> >
> > ------------------------------
> >
> >
> > Message: 4
> >
> > Date: Tue, 19 Jan 2010 10:34:19 -0200
> >
> > From: Jeronimo Zucco <jczucco at gmail.com>
> >
> > To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> >
> > Subject: Re: [Cisspstudy] New to CISSP Cert
> >
> > Message-ID:
> >
> > <2d6b298c1001190434i6f1eb72ct1157b63b80fe9301 at mail.gmail.com>
> >
> > Content-Type: text/plain; charset=ISO-8859-1
> >
> >
> > All-in_one edition 5:
> >
> >
> >
> > http://www.amazon.com/CISSP-All-One-Guide-Fifth/dp/0071602178/ref=sr_1_2
> > ?
> >
> > ie=UTF8&s=books&qid=1263898897&sr=8-2
> >
> >
> > I always recommend the last edition, because of updates and
> >
> > corretions. Or you can read all erratas for your edition.
> >
> >
> > 2010/1/19 jack wang <windjie at gmail.com>:
> >
> > > ?Shon Harris Second Edition,plus www.cccure.org,they are enough
> >
> > >
> >
> >
> >
> > --
> >
> > Jeronimo Zucco
> >
> > http://jczucco.blogspot.com
> >
> >
> >
> >
> > ------------------------------
> >
> >
> > _______________________________________________
> >
> > cisspstudy mailing list
> >
> > cisspstudy at cccure.org
> >
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> >
> > End of cisspstudy Digest, Vol 19, Issue 16
> >
> > ******************************************
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Wed, 20 Jan 2010 04:23:33 +0530 (IST)
> > From: Saurabh Bhargava <catchbhargava at yahoo.com>
> > To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> > Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
> > Message-ID: <804072.93709.qm at web94803.mail.in2.yahoo.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Jonus, here is the catch.
> >
> > you say " For each user, there are 10 public keys. 10 users imply 100
> > public keys" - but ALL these public keys are the same for all 10 users,
> > they aren't different so 10 users still will imply 10 Public keys , even
> > though author says "fully" communicate/Mesh technology.
> >
> > Tom, I would select the answers you've chosen for both the questions.
> >
> > Cheers, SB
> >
> >
> >
> > ________________________________
> > From: gerritsjs <gerritsjs at gmail.com>
> > To: The CISSP Study Mailing list <cisspstudy at cccure.org>; Nimal
> > Gunarathna
> > <ng949 at yahoo.com>
> > Sent: Tue, 19 January, 2010 22:02:56
> > Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
> >
> > Nimal, Tom;
> >
> > The question is "fully" communicated. Within a community of 10 users,
> > each user will have one private key. So we have 10 private keys.
> > Public
> > keys are as follows:
> > For each user, there are 10 public keys. 10 users imply 100 public
> > keys.
> > This makes a total of 110 keys.
> >
> > Think of a Mesh Technology.
> >
> > Jonus
> >
> > -----Original Message-----
> > From: cisspstudy-bounces at cccure.org
> > [mailto:cisspstudy-bounces at cccure.org]
> > On Behalf Of twitwicki at hannaford.com
> > Sent: Tuesday, January 19, 2010 1:23 PM
> > To: Nimal Gunarathna
> > Cc: cisspstudy at cccure.org
> > Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
> >
> >
> >
> > Hi Nimal,
> > I followed the same logic as you on this question. In order to
> > get
> > to the 110 answer each public key would have to be counted each time
> > it's
> > used which doesn't make sense. I've come across other examples from
> > this
> > book that are very questionable, which leads me to believe that the
> > questions and answers have not been thouroughly vetted. Thank you for
> > the
> > reply.
> >
> > Tom Witwicki, CIPP
> > Director, Information Security
> > Hannaford Bros. Co.
> > 207-885-2073
> >
> > Join me on Linkedin!
> > http://www.linkedin.com/in/tomwitwicki
> >
> >
> >
> >
> >
> >
> >
> > Nimal Gunarathna
> > <ng949 at yahoo.com>
> >
> > To
> > 01/19/2010 04:07 cisspstudy at cccure.org
> > PM
> > cc
> > twitwicki at hannaford.com
> >
> > Subject
> > Re: cisspstudy Digest, Vol 19,
> > Issue 16
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Hi Tom,
> >
> > This question puzzles me..
> > In an asymmetric system how many keys are required for 10 users to fully
> > communicate?
> >
> > Every user has a one private and a one public key. I can send my same
> > public
> > key to all others. For 10 people, 20 keys are needed.. I am not sure how
> > 110 come from?
> > Is this a private com session or just a different comm session with each
> > pair?
> >
> > Thanks,
> >
> > Nimal Gunarathna
> >
> >
> >
> > --- On Tue, 1/19/10, cisspstudy-request at cccure.org
> > <cisspstudy-request at cccure.org> wrote:
> >
> > From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
> > Subject: cisspstudy Digest, Vol 19, Issue 16
> >
> > To: cisspstudy at cccure.org
> > Date: Tuesday, January 19, 2010, 11:00 AM
> >
> > Send cisspstudy mailing list submissions to
> > cisspstudy at cccure.org
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> > or, via email, send a message with subject or body 'help' to
> >
> > cisspstudy-request at cccure.org
> >
> > You can reach the person managing the list at
> > cisspstudy-owner at cccure.org
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of cisspstudy digest..."
> >
> >
> > Today's Topics:
> >
> > 1. cisspstudy - Cryptography questions (twitwicki at hannaford.com)
> >
> > 2. Re: New to CISSP Cert (Mark Price)
> >
> > 3. Re: New to CISSP Cert (jack wang)
> > 4. Re: New to CISSP Cert (Jeronimo Zucco)
> >
> >
> >
> > ----------------------------------------------------------------------
> >
> >
> > Message: 1
> >
> > Date: Mon, 18 Jan 2010 14:48:26 -0500
> > From: twitwicki at hannaford.com
> > To: cisspstudy at cccure.org
> > Subject: [Cisspstudy] cisspstudy - Cryptography questions
> >
> > Message-ID:
> > <
> >
> > OF8F407D94.BBDB76DE-ON852576AF.006B4314-852576AF.006CCD97 at hannaford.com>
> >
> >
> > Content-Type: text/plain; charset=US-ASCII
> >
> >
> >
> >
> > Hello all,
> >
> > I'd like your thoughts on these questions from Michael Gregg's
> >
> > CISSP
> > Practice questions:
> >
> > In an asymmetric system how many keys are required for 10 users to
> > fully
> >
> > communicate?
> >
> >
> > A. 10
> > B. 20
> > C. 45
> > D 110
> >
> > The answer states D. 110 - "Each user would have his private, phus
> > his
> > public key, plus each of the nine other public keys"
> >
> > Shouldn't the answer be B. 20 because the public keys is only couned
> > once
> >
> > for each private/public pair? This also seems consistent with the
> >
> > formula
> > for symmetric keys: N(N-1)/2 where N is the number of users needing to
> >
> > communicate. In this case the secret key is only counted once even if
> >
> > it's
> >
> > shared between users.
> >
> >
> > Here's another question that has me puzzled:
> >
> >
> > Which cryptographic system can be used for integrity, authenticity and
> >
> > non-repudiation?
> >
> >
> > A. Asymmetric encryption
> >
> > B. Symmetric encryption
> >
> > C. Hashing
> >
> > D. None of the above
> >
> >
> > The answers states A. Asymmetric. Shouldn't the answer be D. None of
> > the
> >
> > above because Hashing is needed for integrity?
> >
> >
> > Your thoughts will be much appreciated.
> >
> >
> > Tom Witwicki, CIPP
> >
> > Director, Information Security
> >
> > Hannaford Bros. Co.
> > 207-885-2073
> >
> >
> > Join me on Linkedin!
> >
> > http://www.linkedin.com/in/tomwitwicki
> >
> >
> >
> >
> >
> >
> >
> >
> > ------------------------------
> >
> >
> > Message: 2
> >
> > Date: Mon, 18 Jan 2010 21:47:45 +0000
> > From: "Mark Price" <prinext at gmail.com>
> >
> > To: "The CISSP Study Mailing list" <cisspstudy at cccure.org>
> >
> > Subject: Re: [Cisspstudy] New to CISSP Cert
> > Message-ID:
> > <
> >
> > 1180962559-1263851266-cardhu_decombobulator_blackberry.rim.net-147941822
> > -
> >
> > @bda153.bisx.prod.on.blackberry>
> >
> >
> > Content-Type: text/plain
> >
> >
> > I have heard each edition is an update of the previous plus more of
> > the
> > latest technology and or standards.
> > I have the 4th and the DVD set, they plus cccure.org worked for me.
> > V/r,
> >
> >
> > Mark Price
> >
> > PRINEXT
> > c:240-743-7654
> >
> > mprice at prinext.com
> >
> > www.prinext.com
> >
> > -----Original Message-----
> >
> > From: Cert Prep <bugtraq.mailbox at gmail.com>
> > Date: Mon, 18 Jan 2010 13:22:40
> > To: The CISSP Study Mailing list<cisspstudy at cccure.org>
> > Subject: Re: [Cisspstudy] New to CISSP Cert
> >
> > Thanks Jeronimo. I will listen to it.
> >
> > I have Shon Harris Second Edition which I bought many years back. I
> > have heard that 5th edition is about to come. Is it ok to prepare from
> >
> > second edition until 5th edition is out? Does anybody know the
> >
> > differences between 2nd and 4th? I am sure there will be many but are
> > those drastic to the extent that I will have to revise the stuff,
> > which I have already gone through using second edition, from 5th
> >
> > edition once it is published?
> >
> > Any help would be appreciated.
> >
> >
> > Thanks.
> > Adam
> >
> >
> > On Mon, Jan 18, 2010 at 12:51 PM, Jeronimo Zucco <jczucco at gmail.com>
> >
> > wrote:
> >
> > > 2010/1/18 Cert Prep <bugtraq.mailbox at gmail.com>:
> >
> > >> Hi Folks,
> >
> > >>
> >
> > >> I am planning to prepare for CISSP Cert and would like to know
> > which
> > >> book or material is best for the preparations.
> > >
> > >
> > > http://www.cccure.org/flash/intro/player.html
> > >
> > >
> > >
> > > --
> >
> > > Jeronimo Zucco
> >
> > > http://jczucco.blogspot.com
> > >
> > > _______________________________________________
> > > cisspstudy mailing list
> > > cisspstudy at cccure.org
> > > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> > >
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> > ------------------------------
> >
> >
> > Message: 3
> >
> > Date: Tue, 19 Jan 2010 20:05:00 +0800
> > From: jack wang <windjie at gmail.com>
> > To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> >
> > Subject: Re: [Cisspstudy] New to CISSP Cert
> > Message-ID:
> > <3c43566f1001190405t2bfd204as4a953dd160a5b92b at mail.gmail.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> >
> > Shon Harris Second Edition,plus www.cccure.org,they are enough
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> >
> > URL: <
> >
> >
> > http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100119/0
> > d
> >
> > 0b7b8f/attachment-0001.html>
> >
> >
> > ------------------------------
> >
> >
> > Message: 4
> >
> > Date: Tue, 19 Jan 2010 10:34:19 -0200
> > From: Jeronimo Zucco <jczucco at gmail.com>
> >
> > To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> >
> > Subject: Re: [Cisspstudy] New to CISSP Cert
> > Message-ID:
> > <2d6b298c1001190434i6f1eb72ct1157b63b80fe9301 at mail.gmail.com>
> > Content-Type: text/plain; charset=ISO-8859-1
> >
> >
> > All-in_one edition 5:
> >
> >
> > http://www.amazon.com/CISSP-All-One-Guide-Fifth/dp/0071602178/ref=sr_1_2
> > ?
> >
> > ie=UTF8&s=books&qid=1263898897&sr=8-2
> >
> > I always recommend the last edition, because of updates and
> > corretions. Or you can read all erratas for your edition.
> >
> > 2010/1/19 jack wang <windjie at gmail.com>:
> >
> > > ?Shon Harris Second Edition,plus www.cccure.org,they are enough
> > >
> >
> >
> > --
> >
> > Jeronimo Zucco
> >
> > http://jczucco.blogspot.com
> >
> >
> >
> > ------------------------------
> >
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> >
> > End of cisspstudy Digest, Vol 19, Issue 16
> >
> > ******************************************
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> >
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <
> > http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100120/6
> > b681
> > 638/attachment.html
> > >
> >
> > ------------------------------
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> > End of cisspstudy Digest, Vol 19, Issue 18
> > ******************************************
> >
> >
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> >
> > ------------------------------
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> > End of cisspstudy Digest, Vol 19, Issue 23
> > ******************************************
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
>
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100210/a7d6f
> 5b7/attachment.html<http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100210/a7d6f%0A5b7/attachment.html>
> >
>
> ------------------------------
>
> _______________________________________________
> CISSPstudy mailing list
> CISSPstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
> End of CISSPstudy Digest, Vol 20, Issue 1
> *****************************************
>
>
>
> _______________________________________________
> CISSPstudy mailing list
> CISSPstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
> _______________________________________________
> CISSPstudy mailing list
> CISSPstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100210/c0ca9183/attachment-0001.html>
More information about the CISSPstudy
mailing list