[CCCure CISSP] CISSPstudy Digest, Vol 21, Issue 1

Clement Dupuis clement.dupuis at cccure.com
Wed Mar 3 23:14:25 EST 2010 

To add to this:

Authenticity is DEFINITIVELY one of the service you get through
cryptographic means.

All four choices are good but the first three are better in regard to the
question.

I do not like it

Clement

Clément Dupuis, CD
CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,
MBIS, MBHS,  ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>>  Call me to get the best CISSP training  <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business:  407 479 3903
Fax:          407 264 8396

Maintainer of :
The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org

Knowledge sharing and giving back to the community


On Wed, Mar 3, 2010 at 23:12, Clement Dupuis <clement.dupuis at gmail.com>wrote:

> The book is WRONG or should I say:  It is a real bad question.
>
> This is one of the strange question that existed in the old book that has
> not been fixed in the new edition.
>
> The question asks specifically about THE THREE CORE principles of
> security.  Of course Authenticity is not one of them ????  Which makes it a
> bad choice.
>
> The book (second edition)  explains why authenticity if a good choice as
> follow:
>
> *Cryptography support all three of the core principles of information
> security.  Many access control systems use cryptography to limit access to
> systems through the use of passwords.  Many token-based authentication
> system use cryptographic based hash algorithms to compute one-time
> passwords.  Denying unauthorized access prevents an attacker from entering
> and damaging the system or network, thereby denying access to authorized
> users.*
>
> As you can see this is not the best answer explanation I have seen in my
> life.  It is stretching the limit.   The only reason I would not pick
> Authenticity is because it is not one of the three core principles.
>
> Take care
>
> Clement
>
>
>
> Clément Dupuis, CD
> CISSP, GCFW, GCIA, Security+, Q/EH, Q/SA, Q/PTL, CEH, ECSA, CCSA, MBNS,
> MBIS, MBHS, CCSE, ACE
>
>
> ----------------------------------------------------------------------------------------------
> In real life:
> Senior Security Specialist and Instructor
> Security University
> >>  Call me to get the best CISSP training  <<
>
> ----------------------------------------------------------------------------------------------
> In Cyberspace:
> President/Security Evangelist/Chief Learning Officer (CLO)
> The CCCure Family of Portals
>
> ----------------------------------------------------------------------------------------------
> Business:  407 479 3903
> Fax:          407 264 8396
> Cell:          407 433 6444
>
> Maintainer of :
> The CISSP and SSCP Open Study Guides Web Site
> http://www.cccure.org
>
> The Professional Security Testers Warehouse
> http://www.professionalsecuritytesters.org
>
> Knowledge sharing and giving back to the community
>
>
> On Wed, Mar 3, 2010 at 23:01, Nimal Gunarathna <ng949 at yahoo.com> wrote:
>
>>  Thanks for your comments. I have another question for ya'll..
>> In ISC2 book crypto chapter has the following question:
>>
>> Cryptography supports all of the core principles of
>> information security except:
>>
>> a. Availability
>> b. Confidentiality
>> c. Integrity
>> d. Authenticity
>>
>> The book answer is d.
>>
>> But I think this is a typo... correct answer should be  a.
>>
>> Confidentiality is provided through encryption..
>> Integrity is provided through hashing..
>> Authenticity is provided through digital signatures..
>>
>> Any comments?
>>
>> --- On *Wed, 3/3/10, cisspstudy-request at cccure.org <
>> cisspstudy-request at cccure.org>* wrote:
>>
>>
>> From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
>> Subject: CISSPstudy Digest, Vol 21, Issue 1
>> To: cisspstudy at cccure.org
>> Date: Wednesday, March 3, 2010, 11:00 AM
>>
>> Send CISSPstudy mailing list submissions to
>>     cisspstudy at cccure.org <http://mc/compose?to=cisspstudy@cccure.org>
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>     http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>> or, via email, send a message with subject or body 'help' to
>>     cisspstudy-request at cccure.org<http://mc/compose?to=cisspstudy-request@cccure.org>
>>
>> You can reach the person managing the list at
>>     cisspstudy-owner at cccure.org<http://mc/compose?to=cisspstudy-owner@cccure.org>
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of CISSPstudy digest..."
>>
>>
>> Today's Topics:
>>
>>    1. XKMS (Nimal Gunarathna)
>>    2. Re: XKMS (Clement Dupuis)
>>    3. Re: XKMS (fzbrick)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Tue, 2 Mar 2010 20:33:35 -0800 (PST)
>> From: Nimal Gunarathna <ng949 at yahoo.com<http://mc/compose?to=ng949@yahoo.com>
>> >
>> To: cisspstudy at cccure.org <http://mc/compose?to=cisspstudy@cccure.org>
>> Subject: [CCCure CISSP] XKMS
>> Message-ID: <53080.38929.qm at web33901.mail.mud.yahoo.com<http://mc/compose?to=53080.38929.qm@web33901.mail.mud.yahoo.com>
>> >
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hello Everyone,
>> I am reading the Official ISC2 Guide To The ?CISSP CBK - 2nd edition.This
>> book includes most recent technologies...in the crypto chapterthey go
>> through XKMS, X-KISS, X-KRSS (XML key management specs2.0)?which I couldn't
>> ?find in Shon Harris V4 book..I am wondering ?whether these?new stuff are
>> covered in CISSP exam..?
>> Comments are appreciated..
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100302/77ee4e87/attachment-0001.html
>> >
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Wed, 3 Mar 2010 06:21:15 -0500
>> From: Clement Dupuis <clement.dupuis at cccure.com<http://mc/compose?to=clement.dupuis@cccure.com>
>> >
>> To: The CISSP Study Mailing list <cisspstudy at cccure.org<http://mc/compose?to=cisspstudy@cccure.org>
>> >
>> Subject: Re: [CCCure CISSP] XKMS
>> Message-ID:
>>     <959788641003030321j3de8a780v7d2ba87fb8296df3 at mail.gmail.com<http://mc/compose?to=959788641003030321j3de8a780v7d2ba87fb8296df3@mail.gmail.com>
>> >
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Good day,
>>
>> YES, there are new items regularly added to the CBK.
>>
>> When it is major they document it in the Candidate Information Bulletin
>> (which they refer to as the study guide)
>>
>> I always use the ISC2 book as the checklist of what could be on the exam
>>
>> Thanks for highlighting the new topics
>>
>> Clement
>>
>>
>> Cl?ment Dupuis, CD
>> CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,
>> MBIS, MBHS,  ACE
>>
>> ----------------------------------------------------------------------------------------------
>> In real life:
>> Senior Security Specialist and Instructor
>> Security University
>> >>  Call me to get the best CISSP training  <<
>>
>> ----------------------------------------------------------------------------------------------
>> In Cyberspace:
>> President/Security Evangelist/Chief Learning Officer (CLO)
>> The CCCure Family of Portals
>>
>> ----------------------------------------------------------------------------------------------
>> Business:  407 479 3903
>> Fax:          407 264 8396
>>
>> Maintainer of :
>> The CISSP and SSCP Open Study Guides Web Site
>> http://www.cccure.org
>>
>> The Professional Security Testers Warehouse
>> http://www.professionalsecuritytesters.org
>>
>> Knowledge sharing and giving back to the community
>>
>>
>> On Tue, Mar 2, 2010 at 23:33, Nimal Gunarathna <ng949 at yahoo.com<http://mc/compose?to=ng949@yahoo.com>>
>> wrote:
>>
>> > Hello Everyone,
>> >
>> > I am reading the Official ISC2 Guide To The  CISSP CBK - 2nd edition.
>> > This book includes most recent technologies...in the crypto chapter
>> > they go through XKMS, X-KISS, X-KRSS (XML key management specs2.0)
>> > which I couldn't  find in Shon Harris V4 book..I am wondering  whether
>> > these
>> > new stuff are covered in CISSP exam..
>> >
>> > Comments are appreciated..
>> >
>> > _______________________________________________
>> > CISSPstudy mailing list
>> > CISSPstudy at cccure.org <http://mc/compose?to=CISSPstudy@cccure.org>
>> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>> >
>> >
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/78311e45/attachment-0001.html
>> >
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Wed, 3 Mar 2010 08:12:40 -0500
>> From: fzbrick <fzbrick at gmail.com <http://mc/compose?to=fzbrick@gmail.com>
>> >
>> To: The CISSP Study Mailing list <cisspstudy at cccure.org<http://mc/compose?to=cisspstudy@cccure.org>
>> >
>> Subject: Re: [CCCure CISSP] XKMS
>> Message-ID:
>>     <6032a99e1003030512t4548a6e1lf353f0f69f9fd47 at mail.gmail.com<http://mc/compose?to=6032a99e1003030512t4548a6e1lf353f0f69f9fd47@mail.gmail.com>
>> >
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>>   I found the exam to not include cutting edge material.
>>
>> On Tue, Mar 2, 2010 at 11:33 PM, Nimal Gunarathna <ng949 at yahoo.com<http://mc/compose?to=ng949@yahoo.com>>
>> wrote:
>>
>> >   Hello Everyone,
>> >
>> > I am reading the Official ISC2 Guide To The  CISSP CBK - 2nd edition.
>> > This book includes most recent technologies...in the crypto chapter
>> > they go through XKMS, X-KISS, X-KRSS (XML key management specs2.0)
>> > which I couldn't  find in Shon Harris V4 book..I am wondering  whether
>> > these
>> > new stuff are covered in CISSP exam..
>> >
>> > Comments are appreciated..
>> >
>> > _______________________________________________
>> > CISSPstudy mailing list
>> > CISSPstudy at cccure.org <http://mc/compose?to=CISSPstudy@cccure.org>
>> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>> >
>> >
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/76ffdb19/attachment-0001.html
>> >
>>
>> ------------------------------
>>
>> _______________________________________________
>> CISSPstudy mailing list
>> CISSPstudy at cccure.org <http://mc/compose?to=CISSPstudy@cccure.org>
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>>
>> End of CISSPstudy Digest, Vol 21, Issue 1
>> *****************************************
>>
>>
>> _______________________________________________
>> CISSPstudy mailing list
>> CISSPstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>>
>
> _______________________________________________
> CISSPstudy mailing list
> CISSPstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/8bf5abdc/attachment-0001.html>

More information about the CISSPstudy mailing list