dcontesti
Community Champion

Re: CISSP questions


@Vigenere wrote:
Hello, today in the official CISSP app I have encountered the following question

Q: When you're designing a security system for Internet-delivered email, which of the following is least important?

- Nonrepudiation
- Availability
- Message Integrity
- Access restriction

How would you answer?

WOW, I would say all four of them are important and would be hard pressed to choose one over the other.

 

In an exam situation, I probably would pick either a or b. 

 

And given some consideration, non-repudiation on internet mail is also critical (I need some guarantee of the authenticity of the signature). So in my case, I probably would answer B.

 

I am going to suggest that this is just a bad question that 1) is not framed properly for the reader to choose, 2) may or may not have a valid reference and 3) may be subjective on the part of the reader.

 

Did you feedback to (ISC)2 that the question may be problematic?

 

Regards

 

d

 

Vigenere
Newcomer III

Re: CISSP questions

@dcontesti
What is the reasoning that would ultimately lead you to deem Availability as the least important?

I totally agree on the question not being framed properly. My concern is, how many such badly posed questions will I find in the exam?



"I have no special talent. I am only passionately curious."
dcontesti
Community Champion

Re: CISSP questions


@dcontesti wrote:

@Vigenere wrote:
Hello, today in the official CISSP app I have encountered the following question

Q: When you're designing a security system for Internet-delivered email, which of the following is least important?

- Nonrepudiation
- Availability
- Message Integrity
- Access restriction

How would you answer?

WOW, I would say all four of them are important and would be hard pressed to choose one over the other.

 

In an exam situation, I probably would pick either a or b. 

 

And given some consideration, non-repudiation on internet mail is also critical (I need some guarantee of the authenticity of the signature). So in my case, I probably would answer B.

 

I am going to suggest that this is just a bad question that 1) is not framed properly for the reader to choose, 2) may or may not have a valid reference and 3) may be subjective on the part of the reader.

 

Did you feedback to (ISC)2 that the question may be problematic?

 

Regards

 

d

 


@Vigenere 

 

You asked why I would choose Availability as my answer.

 

As the question is worded in MHO, I chose Availability.

 

Rationale:

 

Non-repudiation - even though it is about ensuring the signature (sender) is really about integrity

Message Integrity - goes without saying is also about integrity

Access restriction - again (in my mind) is another form of integrity. Ensuring that admins can restrict access to emails based on either IDs or IPs.

 

As stated, when I looked at the options, I was left with non-repudiation and availability. Given the question to me (again MHO) seemed to be about integrity, I chose Availability.

 

I did not mean to imply that I think it is the right answer but in an exam situation, given less than a minute to read and choose, that is the answer that I would pick.......

 

Hope that explains why I chose the way I did.

 

d

 

 

Vigenere
Newcomer III

Re: CISSP questions

@dcontesti

Pardon me, what do you mean by MHO?

To me this question is equivalent to

When choosing a new car, which of the following is least important?

- Engine
- The car actually functioning
- Transmission
- Fuel consumption



"I have no special talent. I am only passionately curious."
dcontesti
Community Champion

Re: CISSP questions

@Vigenere 

 

Sorry MHO = my humble opinion

 

Never meant to imply it was a good question.

 

As you said this was the Official CISSP app let's ask @AndreaMoore to pass to the appropriate internal department for their comment on the question.  Is that possible?

 

Regards

 

 

 

 

 

AndreaMoore
Community Manager

Re: CISSP questions

I have passed this along to our education department. I will let you know if I receive a response. 

 

Thanks,

Andrea




(ISC)² Community Manager
rslade
Influencer II

Re: CISSP questions

OK, an easy one to get back on track:

 

 The act of validating a user with a unique identifier is called

a. identification
b. authorization
c. authentication
d. registration


Answer: c.

 

(Reference: Gasser, Morrie, Building a Secure Computer System, New York: Nostrand Reinhold, 1988, pg 23)

 

The key word here is "validating."


Answer a - identification is the process of telling the system the alleged identity of a subject.
Answer b - authorization is the process of granting rights to a subject.
Answer c - authentication is the process of validating a subject.
Answer d - registration of a subject does not, necessarily, validate an identity claimed.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
AndreaMoore
Community Manager

Re: CISSP questions


@dcontesti wrote:

@Vigenere wrote:
Hello, today in the official CISSP app I have encountered the following question

Q: When you're designing a security system for Internet-delivered email, which of the following is least important?

- Nonrepudiation
- Availability
- Message Integrity
- Access restriction

How would you answer?

WOW, I would say all four of them are important and would be hard pressed to choose one over the other.

 

In an exam situation, I probably would pick either a or b. 

 

And given some consideration, non-repudiation on internet mail is also critical (I need some guarantee of the authenticity of the signature). So in my case, I probably would answer B.

 

I am going to suggest that this is just a bad question that 1) is not framed properly for the reader to choose, 2) may or may not have a valid reference and 3) may be subjective on the part of the reader.

 

Did you feedback to (ISC)2 that the question may be problematic?

 

Regards

 

d

 


The Education department has received this commentary and provided this: 

 

In the future, you can submit errata on various products by going to the links below.

 

 




(ISC)² Community Manager
dcontesti
Community Champion

Re: CISSP questions

@AndreaMoore Thank you for passing along to the appropriate department and the response.

@Vigenere You now have a venue to report the question as being incorrect.

 

Hope this helps

 

d

 

Vigenere
Newcomer III

Re: CISSP questions

Thank you @AndreaMoore. Does this mean that they acknowledge the question being badly posed or the answer incorrect?



"I have no special talent. I am only passionately curious."