[CCCure CISSP] CISSPstudy Digest, Vol 21, Issue 1

Clement Dupuis clement.dupuis at gmail.com
Wed Mar 3 23:12:53 EST 2010 

The book is WRONG or should I say:  It is a real bad question.

This is one of the strange question that existed in the old book that has
not been fixed in the new edition.

The question asks specifically about THE THREE CORE principles of security.
Of course Authenticity is not one of them ????  Which makes it a bad choice.

The book (second edition)  explains why authenticity if a good choice as
follow:

*Cryptography support all three of the core principles of information
security.  Many access control systems use cryptography to limit access to
systems through the use of passwords.  Many token-based authentication
system use cryptographic based hash algorithms to compute one-time
passwords.  Denying unauthorized access prevents an attacker from entering
and damaging the system or network, thereby denying access to authorized
users.*

As you can see this is not the best answer explanation I have seen in my
life.  It is stretching the limit.   The only reason I would not pick
Authenticity is because it is not one of the three core principles.

Take care

Clement



Clément Dupuis, CD
CISSP, GCFW, GCIA, Security+, Q/EH, Q/SA, Q/PTL, CEH, ECSA, CCSA, MBNS,
MBIS, MBHS, CCSE, ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>>  Call me to get the best CISSP training  <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business:  407 479 3903
Fax:          407 264 8396
Cell:          407 433 6444

Maintainer of :
The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org

Knowledge sharing and giving back to the community


On Wed, Mar 3, 2010 at 23:01, Nimal Gunarathna <ng949 at yahoo.com> wrote:

> Thanks for your comments. I have another question for ya'll..
> In ISC2 book crypto chapter has the following question:
>
> Cryptography supports all of the core principles of
> information security except:
>
> a. Availability
> b. Confidentiality
> c. Integrity
> d. Authenticity
>
> The book answer is d.
>
> But I think this is a typo... correct answer should be  a.
>
> Confidentiality is provided through encryption..
> Integrity is provided through hashing..
> Authenticity is provided through digital signatures..
>
> Any comments?
>
> --- On *Wed, 3/3/10, cisspstudy-request at cccure.org <
> cisspstudy-request at cccure.org>* wrote:
>
>
> From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
> Subject: CISSPstudy Digest, Vol 21, Issue 1
> To: cisspstudy at cccure.org
> Date: Wednesday, March 3, 2010, 11:00 AM
>
> Send CISSPstudy mailing list submissions to
>     cisspstudy at cccure.org <http://mc/compose?to=cisspstudy@cccure.org>
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> or, via email, send a message with subject or body 'help' to
>     cisspstudy-request at cccure.org<http://mc/compose?to=cisspstudy-request@cccure.org>
>
> You can reach the person managing the list at
>     cisspstudy-owner at cccure.org<http://mc/compose?to=cisspstudy-owner@cccure.org>
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of CISSPstudy digest..."
>
>
> Today's Topics:
>
>    1. XKMS (Nimal Gunarathna)
>    2. Re: XKMS (Clement Dupuis)
>    3. Re: XKMS (fzbrick)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 2 Mar 2010 20:33:35 -0800 (PST)
> From: Nimal Gunarathna <ng949 at yahoo.com<http://mc/compose?to=ng949@yahoo.com>
> >
> To: cisspstudy at cccure.org <http://mc/compose?to=cisspstudy@cccure.org>
> Subject: [CCCure CISSP] XKMS
> Message-ID: <53080.38929.qm at web33901.mail.mud.yahoo.com<http://mc/compose?to=53080.38929.qm@web33901.mail.mud.yahoo.com>
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello Everyone,
> I am reading the Official ISC2 Guide To The ?CISSP CBK - 2nd edition.This
> book includes most recent technologies...in the crypto chapterthey go
> through XKMS, X-KISS, X-KRSS (XML key management specs2.0)?which I couldn't
> ?find in Shon Harris V4 book..I am wondering ?whether these?new stuff are
> covered in CISSP exam..?
> Comments are appreciated..
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100302/77ee4e87/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Wed, 3 Mar 2010 06:21:15 -0500
> From: Clement Dupuis <clement.dupuis at cccure.com<http://mc/compose?to=clement.dupuis@cccure.com>
> >
> To: The CISSP Study Mailing list <cisspstudy at cccure.org<http://mc/compose?to=cisspstudy@cccure.org>
> >
> Subject: Re: [CCCure CISSP] XKMS
> Message-ID:
>     <959788641003030321j3de8a780v7d2ba87fb8296df3 at mail.gmail.com<http://mc/compose?to=959788641003030321j3de8a780v7d2ba87fb8296df3@mail.gmail.com>
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> Good day,
>
> YES, there are new items regularly added to the CBK.
>
> When it is major they document it in the Candidate Information Bulletin
> (which they refer to as the study guide)
>
> I always use the ISC2 book as the checklist of what could be on the exam
>
> Thanks for highlighting the new topics
>
> Clement
>
>
> Cl?ment Dupuis, CD
> CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,
> MBIS, MBHS,  ACE
>
> ----------------------------------------------------------------------------------------------
> In real life:
> Senior Security Specialist and Instructor
> Security University
> >>  Call me to get the best CISSP training  <<
>
> ----------------------------------------------------------------------------------------------
> In Cyberspace:
> President/Security Evangelist/Chief Learning Officer (CLO)
> The CCCure Family of Portals
>
> ----------------------------------------------------------------------------------------------
> Business:  407 479 3903
> Fax:          407 264 8396
>
> Maintainer of :
> The CISSP and SSCP Open Study Guides Web Site
> http://www.cccure.org
>
> The Professional Security Testers Warehouse
> http://www.professionalsecuritytesters.org
>
> Knowledge sharing and giving back to the community
>
>
> On Tue, Mar 2, 2010 at 23:33, Nimal Gunarathna <ng949 at yahoo.com<http://mc/compose?to=ng949@yahoo.com>>
> wrote:
>
> > Hello Everyone,
> >
> > I am reading the Official ISC2 Guide To The  CISSP CBK - 2nd edition.
> > This book includes most recent technologies...in the crypto chapter
> > they go through XKMS, X-KISS, X-KRSS (XML key management specs2.0)
> > which I couldn't  find in Shon Harris V4 book..I am wondering  whether
> > these
> > new stuff are covered in CISSP exam..
> >
> > Comments are appreciated..
> >
> > _______________________________________________
> > CISSPstudy mailing list
> > CISSPstudy at cccure.org <http://mc/compose?to=CISSPstudy@cccure.org>
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/78311e45/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Wed, 3 Mar 2010 08:12:40 -0500
> From: fzbrick <fzbrick at gmail.com <http://mc/compose?to=fzbrick@gmail.com>>
> To: The CISSP Study Mailing list <cisspstudy at cccure.org<http://mc/compose?to=cisspstudy@cccure.org>
> >
> Subject: Re: [CCCure CISSP] XKMS
> Message-ID:
>     <6032a99e1003030512t4548a6e1lf353f0f69f9fd47 at mail.gmail.com<http://mc/compose?to=6032a99e1003030512t4548a6e1lf353f0f69f9fd47@mail.gmail.com>
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
>   I found the exam to not include cutting edge material.
>
> On Tue, Mar 2, 2010 at 11:33 PM, Nimal Gunarathna <ng949 at yahoo.com<http://mc/compose?to=ng949@yahoo.com>>
> wrote:
>
> >   Hello Everyone,
> >
> > I am reading the Official ISC2 Guide To The  CISSP CBK - 2nd edition.
> > This book includes most recent technologies...in the crypto chapter
> > they go through XKMS, X-KISS, X-KRSS (XML key management specs2.0)
> > which I couldn't  find in Shon Harris V4 book..I am wondering  whether
> > these
> > new stuff are covered in CISSP exam..
> >
> > Comments are appreciated..
> >
> > _______________________________________________
> > CISSPstudy mailing list
> > CISSPstudy at cccure.org <http://mc/compose?to=CISSPstudy@cccure.org>
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/76ffdb19/attachment-0001.html
> >
>
> ------------------------------
>
> _______________________________________________
> CISSPstudy mailing list
> CISSPstudy at cccure.org <http://mc/compose?to=CISSPstudy@cccure.org>
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
> End of CISSPstudy Digest, Vol 21, Issue 1
> *****************************************
>
>
> _______________________________________________
> CISSPstudy mailing list
> CISSPstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/e8bc821b/attachment.html>

More information about the CISSPstudy mailing list