The book is WRONG or should I say: It is a real bad question.<br><br>This is one of the strange question that existed in the old book that has not been fixed in the new edition.<br><br>The question asks specifically about THE THREE CORE principles of security. Of course Authenticity is not one of them ???? Which makes it a bad choice.<br>
<br>The book (second edition) explains why authenticity if a good choice as follow:<br><br><b>Cryptography support all three of the core principles of information security. Many access control systems use cryptography to limit access to systems through the use of passwords. Many token-based authentication system use cryptographic based hash algorithms to compute one-time passwords. Denying unauthorized access prevents an attacker from entering and damaging the system or network, thereby denying access to authorized users.</b><br>
<br>As you can see this is not the best answer explanation I have seen in my life. It is stretching the limit. The only reason I would not pick Authenticity is because it is not one of the three core principles.<br><br>
Take care <br><br>Clement<br><br><br><br clear="all">Clément Dupuis, CD<br>CISSP, GCFW, GCIA, Security+, Q/EH, Q/SA, Q/PTL, CEH, ECSA, CCSA, MBNS, MBIS, MBHS, CCSE, ACE<br>----------------------------------------------------------------------------------------------<br>
In real life:<br>Senior Security Specialist and Instructor<br>Security University<br>>> Call me to get the best CISSP training <<<br>----------------------------------------------------------------------------------------------<br>
In Cyberspace:<br>President/Security Evangelist/Chief Learning Officer (CLO)<br>The CCCure Family of Portals<br>----------------------------------------------------------------------------------------------<br>Business: 407 479 3903<br>
Fax: 407 264 8396<br>Cell: 407 433 6444 <br><br>Maintainer of :<br>The CISSP and SSCP Open Study Guides Web Site<br><a href="http://www.cccure.org">http://www.cccure.org</a> <br><br>The Professional Security Testers Warehouse<br>
<a href="http://www.professionalsecuritytesters.org">http://www.professionalsecuritytesters.org</a> <br><br>Knowledge sharing and giving back to the community<br>
<br><br><div class="gmail_quote">On Wed, Mar 3, 2010 at 23:01, Nimal Gunarathna <span dir="ltr"><<a href="mailto:ng949@yahoo.com">ng949@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td style="font-family: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; font-size: inherit; line-height: inherit; font-size-adjust: inherit; font-stretch: inherit;" valign="top">
Thanks for your comments. I have another question for ya'll..<div>In ISC2 book crypto chapter has the following question:</div><div><br></div><div>Cryptography supports all of the core principles of information security except:</div>
<div><br></div><div>a. Availability</div><div>b. Confidentiality</div><div>c. Integrity</div><div>d. Authenticity</div><div><br></div><div>The book answer is d.</div><div><br></div><div>But I think this is a typo... correct answer should be a.</div>
<div><br></div><div>Confidentiality is provided through encryption..</div><div>Integrity is provided through hashing..</div><div>Authenticity is provided through digital signatures..</div><div><br></div><div>Any comments?<br>
<br>--- On <b>Wed, 3/3/10, <a href="mailto:cisspstudy-request@cccure.org" target="_blank">cisspstudy-request@cccure.org</a> <i><<a href="mailto:cisspstudy-request@cccure.org" target="_blank">cisspstudy-request@cccure.org</a>></i></b> wrote:<br>
<blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><br>From: <a href="mailto:cisspstudy-request@cccure.org" target="_blank">cisspstudy-request@cccure.org</a> <<a href="mailto:cisspstudy-request@cccure.org" target="_blank">cisspstudy-request@cccure.org</a>><br>
Subject: CISSPstudy Digest, Vol 21, Issue 1<br>To: <a href="mailto:cisspstudy@cccure.org" target="_blank">cisspstudy@cccure.org</a><br>Date: Wednesday, March 3, 2010, 11:00 AM<br><br><div>Send CISSPstudy mailing list submissions to<br>
<a href="http://mc/compose?to=cisspstudy@cccure.org" target="_blank">cisspstudy@cccure.org</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
or, via email, send a message with subject or body 'help' to<br> <a href="http://mc/compose?to=cisspstudy-request@cccure.org" target="_blank">cisspstudy-request@cccure.org</a><br><br>You can reach
the person managing the list at<br> <a href="http://mc/compose?to=cisspstudy-owner@cccure.org" target="_blank">cisspstudy-owner@cccure.org</a><br><br>When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of CISSPstudy digest..."<br><br><br>Today's Topics:<br><br> 1. XKMS (Nimal Gunarathna)<br> 2. Re: XKMS (Clement Dupuis)<br> 3. Re: XKMS (fzbrick)<br><br><br>----------------------------------------------------------------------<br>
<br>Message: 1<br>Date: Tue, 2 Mar 2010 20:33:35 -0800 (PST)<br>From: Nimal Gunarathna <<a href="http://mc/compose?to=ng949@yahoo.com" target="_blank">ng949@yahoo.com</a>><br>To: <a href="http://mc/compose?to=cisspstudy@cccure.org" target="_blank">cisspstudy@cccure.org</a><br>
Subject: [CCCure CISSP] XKMS<br>Message-ID: <<a href="http://mc/compose?to=53080.38929.qm@web33901.mail.mud.yahoo.com" target="_blank">53080.38929.qm@web33901.mail.mud.yahoo.com</a>><br>Content-Type: text/plain; charset="iso-8859-1"<br>
<br>Hello Everyone,<br>I am reading the Official ISC2 Guide To The ?CISSP CBK - 2nd edition.This book includes most recent technologies...in the crypto chapterthey go through XKMS, X-KISS, X-KRSS (XML key management specs2.0)?which I couldn't ?find in Shon Harris V4 book..I am wondering ?whether these?new stuff are covered in CISSP exam..?<br>
Comments are appreciated..<br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100302/77ee4e87/attachment-0001.html" target="_blank">http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100302/77ee4e87/attachment-0001.html</a>><br>
<br>------------------------------<br><br>Message: 2<br>Date: Wed, 3 Mar 2010 06:21:15 -0500<br>From: Clement Dupuis <<a href="http://mc/compose?to=clement.dupuis@cccure.com" target="_blank">clement.dupuis@cccure.com</a>><br>
To: The CISSP Study Mailing list <<a href="http://mc/compose?to=cisspstudy@cccure.org" target="_blank">cisspstudy@cccure.org</a>><br>Subject: Re: [CCCure CISSP] XKMS<br>Message-ID:<br> <<a href="http://mc/compose?to=959788641003030321j3de8a780v7d2ba87fb8296df3@mail.gmail.com" target="_blank">959788641003030321j3de8a780v7d2ba87fb8296df3@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br><br>Good day,<br><br>YES, there are new items regularly added to the
CBK.<br><br>When it is major they document it in the Candidate Information Bulletin<br>(which they refer to as the study guide)<br><br>I always use the ISC2 book as the checklist of what could be on the exam<br><br>Thanks for highlighting the new topics<br>
<br>Clement<br><br><br>Cl?ment Dupuis, CD<br>CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,<br>MBIS, MBHS, ACE<br>----------------------------------------------------------------------------------------------<br>
In real life:<br>Senior Security Specialist and Instructor<br>Security University<br>>> Call me to get the best CISSP training <<<br>----------------------------------------------------------------------------------------------<br>
In Cyberspace:<br>President/Security Evangelist/Chief Learning Officer (CLO)<br>The CCCure Family of
Portals<br>----------------------------------------------------------------------------------------------<br>Business: 407 479 3903<br>Fax: 407 264 8396<br><br>Maintainer of :<br>The CISSP and SSCP Open Study Guides Web Site<br>
<a href="http://www.cccure.org" target="_blank">http://www.cccure.org</a><br><br>The Professional Security Testers Warehouse<br><a href="http://www.professionalsecuritytesters.org" target="_blank">http://www.professionalsecuritytesters.org</a><br>
<br>Knowledge sharing and giving back to the community<br><br><br>On Tue, Mar 2, 2010 at 23:33, Nimal Gunarathna <<a href="http://mc/compose?to=ng949@yahoo.com" target="_blank">ng949@yahoo.com</a>> wrote:<br><br>> Hello Everyone,<br>
><br>> I am reading the Official ISC2 Guide To The CISSP CBK - 2nd edition.<br>> This book includes most recent technologies...in the crypto chapter<br>> they go through XKMS,
X-KISS, X-KRSS (XML key management specs2.0)<br>> which I couldn't find in Shon Harris V4 book..I am wondering whether<br>> these<br>> new stuff are covered in CISSP exam..<br>><br>> Comments are appreciated..<br>
><br>> _______________________________________________<br>> CISSPstudy mailing list<br>> <a href="http://mc/compose?to=CISSPstudy@cccure.org" target="_blank">CISSPstudy@cccure.org</a><br>> <a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
><br>><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/78311e45/attachment-0001.html" target="_blank">http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/78311e45/attachment-0001.html</a>><br>
<br>------------------------------<br><br>Message: 3<br>Date: Wed, 3 Mar 2010 08:12:40 -0500<br>From: fzbrick <<a href="http://mc/compose?to=fzbrick@gmail.com" target="_blank">fzbrick@gmail.com</a>><br>To: The CISSP Study Mailing list <<a href="http://mc/compose?to=cisspstudy@cccure.org" target="_blank">cisspstudy@cccure.org</a>><br>
Subject: Re: [CCCure CISSP] XKMS<br>Message-ID:<br> <<a href="http://mc/compose?to=6032a99e1003030512t4548a6e1lf353f0f69f9fd47@mail.gmail.com" target="_blank">6032a99e1003030512t4548a6e1lf353f0f69f9fd47@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br><br> I found the exam to not include cutting edge material.<br><br>On Tue, Mar 2, 2010 at 11:33 PM,
Nimal Gunarathna <<a href="http://mc/compose?to=ng949@yahoo.com" target="_blank">ng949@yahoo.com</a>> wrote:<br><br>> Hello Everyone,<br>><br>> I am reading the Official ISC2 Guide To The CISSP CBK - 2nd edition.<br>
> This book includes most recent technologies...in the crypto chapter<br>> they go through XKMS, X-KISS, X-KRSS (XML key management specs2.0)<br>> which I couldn't find in Shon Harris V4 book..I am wondering whether<br>
> these<br>> new stuff are covered in CISSP exam..<br>><br>> Comments are appreciated..<br>><br>> _______________________________________________<br>> CISSPstudy mailing list<br>> <a href="http://mc/compose?to=CISSPstudy@cccure.org" target="_blank">CISSPstudy@cccure.org</a><br>
> <a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>><br>><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>
URL: <<a href="http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/76ffdb19/attachment-0001.html" target="_blank">http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100303/76ffdb19/attachment-0001.html</a>><br>
<br>------------------------------<br><br>_______________________________________________<br>CISSPstudy mailing list<br><a href="http://mc/compose?to=CISSPstudy@cccure.org" target="_blank">CISSPstudy@cccure.org</a><br><a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
<br><br>End of CISSPstudy Digest, Vol 21, Issue 1<br>*****************************************<br></div></blockquote></div></td></tr></tbody></table><br>_______________________________________________<br>
CISSPstudy mailing list<br>
<a href="mailto:CISSPstudy@cccure.org">CISSPstudy@cccure.org</a><br>
<a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
<br></blockquote></div><br>