I think one of the questions has an issue

kevindulany Member Posts: 3
While taking the Security+ exam, I came across a question...I want to make sure I am not missing something...

The question is:
You want to set up a secure method of sending and receiving email. Which two of the following protocols can be used for this purpose?
a. S/MIME
b. IPSec
c. TLS
d. PGP

Now, my issue is this...the correct answers (according to the test) are a and d. My issue is that PGP is NOT a protocol...

Am I off the mark or not???

Comments

  • billg Member Posts: 35
    Yes PGP is considered both a protocol and the name of a program.
  • Danman32 Member Posts: 1,243
    But it's known more as a protocol
  • kevindulany Member Posts: 3
    I guess I should have read the RFC 2440...
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,669
    For the purpose of answering this question correctly, it really doesn't matter if PGP is a protocol or not. The question is really asking "What are the common ways of securing email?" PGP and S/MIME would be the correct answers. The fact that three of the four answers listed are cryptographic protocols is meant to test how well you know common email security mechanisms.
  • Webmaster Admin Posts: 10,292
    Indeed.

    As a CISSP you probably don't want to go over 'any' Security+ questions, which includes the actual exam. This is as good as it gets with CompTIA level questions, and actually very typical CompTIA. Actually, as a CISSP even the exam objectives and CompTIA's categorizations of those will probably seem 'off'. Once you've gone deeper in the material (and this goes for "anything"/ any type of education), you will quickly find out that on the basic level things weren't entirely accurate. But instead influenced by the scope and depth of the educational material, without going into too much detail about this: to simplify and teach complex topics on a very basic level, child-objects that would normally have a different parent in the hierarchy are simply thrown on a single pile for the sake of teaching. The available parents are limited by the level of depth of the material. As JD explained, this practice question is a rather obvious example of this. One of the dangers when taking CompTIA exams is overthinking it, just go with the obvious.

    I'm always open for suggestions on how to improve our material though so thanks nevertheless.
  • kevindulany Member Posts: 3
    I agree (for the most part)...

    I am a firm believer that the question should not be the distractor itself...

    As JD said, the question is really asking "'What are the common ways of securing email?' PGP and S/MIME would be the correct answers." Then that should be the question.

    When I took the CISSP exam, I had to read the questions, pick out the key words (i.e. BEST, WORST, PROTOCOL, SERVICE)...then, mark out the two obvious distractors...and finally, map the last two answers to the key words in the question...

    As far as the question that I discussed, I looked at the key words...TWO PROTOCOLS....even though I did answer it correctly (using common sense and understanding the functions of IPSec and TLS...)...

    As far as suggestions...I would recommend making the questions clear and concise...and let the answers test the person...

    Thanks for all of your attention...

    Kevin
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,669
    > As far as the question that I discussed, I looked at the key words...TWO PROTOCOLS....even though I did answer it correctly (using common sense and understanding the functions of IPSec and TLS...)...
    >
    > As far as suggestions...I would recommend making the questions clear and concise...and let the answers test the person...

    I'm missing something here. The question stated, "Which two of the following protocols...," all of the answers listed are protocols, and you didn't realize that PGP was a protocol. Where do you feel that clarity or conciseness is lacking in this question?