dcontesti
Community Champion


@dcontesti wrote:

@Vigenere wrote:
Hello, today in the official CISSP app I have encountered the following question

Q: When you're designing a security system for Internet-delivered email, which of the following is least important?

- Nonrepudiation
- Availability
- Message Integrity
- Access restriction

How would you answer?

WOW, I would say all four of them are important and would be hard pressed to choose one over the other.

In an exam situation, I probably would pick either a or b.

And given some consideration, non-repudiation on internet mail is also critical (I need some guarantee of the authenticity of the signature). So in my case, I probably would answer B.

I am going to suggest that this is just a bad question that 1) is not framed properly for the reader to choose, 2) may or may not have a valid reference and 3) may be subjective on the part of the reader.

Did you give feedback to (ISC)2 that the question may be problematic?

Regards

d


@Vigenere

You asked why I would choose Availability as my answer.

As the question is worded in MHO, I chose Availability.

Rationale:

Non-repudiation - even though it is about ensuring the signature (sender), is really about integrity

Message Integrity - it goes without saying, is also about integrity

Access restriction - again (in my mind) is another form of integrity. Ensuring that admins can restrict access to emails based on either IDs or IPs.

As stated, when I looked at the options, I was left with non-repudiation and availability. Given the question to me (again MHO) seemed to be about integrity, I chose Availability.

I did not mean to imply that I think it is the right answer but in an exam situation, given less than a minute to read and choose, that is the answer that I would pick...

Hope that explains why I chose the way I did.

d