Badly-worded questions

greyowl Member Posts: 1 ■□□□□□□□□□
I don't like griping but I have found several practice questions to be unclearly formulated or to have confusing spelling mistakes. One example:
1. Digital signatures for email messages are encrypted hash values that digitally sign the email to verify the sender. What is the signing part of the process?
a. Encrypting the message with someones private key
b. Encrypting the message with someones public key
c. Hashing the message with the systems private key
d. Hashing the message with the systems public key

The options should say "with one's ... key" or "with the sender's ... key" and not "with someones ... key". Also: use apostrophes!

For insecure candidates (especially of non-English mother tongue) correct wording and spelling is crucial!

Viktor (from Switzerland)

Comments

  • HÆLLRÆZOR Users Awaiting Email Confirmation Posts: 51 ■■□□□□□□□□
    OMG everyone run. It's a grammar ****. noooo I can't use the word not si
  • RussS Member Posts: 2,068 ■■■□□□□□□□
    Hello Viktor

    I am afraid that if the wording of those questions is a concern for you then when you see the real exam you will be in a state of shock.
    There are questions that can be interpreted many different ways and you have to try to decide exactly what CompTIA wants for the answer as maybe 2 or more can be totally valid answers. There are also questions that are based on opinion - such as ... 'What is considered to be .....'
    As far as I am concerned that is very wrong and should have no place in a technical exam. When I sit an exam I expect to be tested on knowledge and skills, but not my ability to figure out someone's thought pattern. However the exam is the way that it is and CompTIA will not enter into discussion over the matter.
    My concerns were so great over this that I wrote to our Ministry of Education to obtain an opinion. Their opinion was that based on feedback they have had over several CompTIA exams that they would not fund students to study for them. That is a shame, but there were even more harsh comments made about several things regarding CompTIA exams that I found interesting. I guess in the American marketplace they can do what they like as the government has no say in things like this, but in this country they would be made to correct things or shut down.

    What totally annoys me is that through my experience in several different industries I am a strong advocate of industry training organisations and since moving into the IT field have become very much a believer in the security area.
    www.supercross.com
    FIM website of the year 2007
  • infosecboy Member Posts: 6 ■□□□□□□□□□
    My answer is B. and I would change the wording to "Encrypting the message with the recipient's public key".
  • tahjzhuan Member Posts: 288 ■■■■□□□□□□
    It seems like a straightforward question to me...

    I think the answer is c though
  • RussS Member Posts: 2,068 ■■■□□□□□□□
    tahjzhuan - care to elaborate how you came to that conclusion?
    www.supercross.com
    FIM website of the year 2007
  • antonio banderas Member Posts: 102
    I would pick B.

    When reviewing over the process, B seems like the correct choice. A is obviously wrong. C & D make no sense, I would cross out C & D...
    Network/Radiation Oncology Analyst III
  • skully93 Member Posts: 323 ■■■□□□□□□□
    Don't feel bad, most Americans who ONLY speak English still get confused :).

    I've heard that English is a tough language to get the hang of fluently because we have so many words for each thing, and so many implications based on how we say something (especially here in Texas!).

    Hopefully the real exam will be better worded. Sometimes they do toss in some questions that are worded a bit different just to throw you off, so be wary and read ?'s several times if there's any confusion. There are many times that I got questions wrong simply because I didn't read it through properly.
    I do not have a psychiatrist and I do not want one, for the simple reason that if he listened to me long enough, he might become disturbed.

    -- James Thurber
  • RussS Member Posts: 2,068 ■■■□□□□□□□
    LMAO - just like Cockney, Scouse, or New York twang Texan is a whole 'nother language
    www.supercross.com
    FIM website of the year 2007
  • arthaxerxes Member Posts: 12 ■□□□□□□□□□
    Hi to all the Cert Masters,

    When I see all the certifications some of you guys have, I can't help but feel like a first grader.

    Anyway I will sit for my Security+ in a week.
    Normally that means I should know all the topics. But maybe I should consider rescheduling my exam 'cause based on what I've learnt the answer to the confusing question mentioned at the top would be A. Isn't it true that in Digital Signature, the sender creates a hash of the message and encrypts it with its own private key? Isn't this Encrypted Hash the definition of the Digital Signature?

    I appreciate all the answers and will make a decision on whether I need to postpone my exam based on this.

    Cheers.
  • tahjzhuan Member Posts: 288 ■■■■□□□□□□
    How I interpreted this.

    1. Digital signatures for email messages are encrypted hash values that digitally sign the email to verify the sender. What is the signing part of the process?

    a. Encrypting the message with someones private key - You should not have access to someones private key.

    b. Encrypting the message with someones public key - Question is asking about the signing portion.

    c. Hashing the message with the systems private key - Message may be signed, but not encrypted. Hash is still encrypted.

    d. Hashing the message with the systems public key - That would defeat the non-repudiation aspect if the public key was used.
  • cyberguypr Mod Posts: 6,928 Mod
    I think this may be the best thread re-spawn ever at 10.5 years. Can we get fact-checked by those who have been around longer than I have?
  • cholland89 Member Posts: 5 ■□□□□□□□□□
    This question doesn't seem to have a correct answer listed. Digital signatures provide authentication, non-repudiation, and integrity. The message is hashed and the hash is encrypted with the sender's private key. The 'signing' action is the hash encryption with the sender's private key.

    The problem with the answers is the following. A and B specify encrypting the message which isn't part of the digital signature and is a separate process.

    Answers C and D specify hashing with a key. The hash is generated by a hashing algorithm given the message as input. There is not a 'key' component to the hashing process.

    The correct answer would state:

    e. Encrypting the hash with the sender's private key.
  • jvrlopez Member Posts: 913 ■■■■□□□□□□
    First time I've seen a bump for a post older than 10 years...I was a sophomore in high school when this topic was made...
    And so you touch this limit, something happens and you suddenly can go a little bit further. With your mind power, your determination, your instinct, and the experience as well, you can fly very high. ~Ayrton Senna
  • GForce75 Member Posts: 222
    Wow, this is old. I was in Fort Hood, TX with the rank of an Army Specialist (CPT now).
    Doctoral Candidate - BA (33/60hrs) ~ MBA/Project Management ~ BA/Business-IT
  • hurricane1091 Member Posts: 919 ■■■■□□□□□□
    Digital signature is a hash encrypted with the sender's private key. You can use the public key to decrypt the hash, then run a hash of the message and compare it to the hash in the digital signature. If all checks out you know that the message genuinely came from who it was supposed to.

    Question is poorly worded.
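
The hash-then-sign flow discussed in the replies above, as an added example that is not part of any forum post: the message is hashed, the private-key operation is applied to the hash only, and the verifier recomputes the hash and compares. It uses textbook RSA without padding over a constructed toy key (two Mersenne primes), so it is insecure and for illustration only; real schemes add padding such as RSASSA-PSS. The names `sign`, `verify` and `demo` and the sample messages are assumptions.

```python
import hashlib

# Constructed toy RSA key built from two well-known Mersenne primes.
# Insecure by design (special-form primes, no padding); illustration only.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer. No key is involved in hashing."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signing step: apply the sender's private key to the hash, not the message."""
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover the hash with the sender's public key and compare with a fresh hash."""
    return pow(signature, e, n) == digest_int(message)


def demo() -> dict:
    msg = b"Exam moved to Friday. Viktor"        # constructed sample message
    sig = sign(msg)                              # travels next to the plaintext message
    altered = b"Exam moved to Monday. Viktor"    # same signature, different content
    # A value anyone could compute from the public key alone must not verify.
    public_only = pow(digest_int(msg), E, N)
    return {
        "message_still_plaintext": msg.startswith(b"Exam moved"),
        "valid": verify(msg, sig),
        "altered_message": verify(altered, sig),
        "made_with_public_key": verify(msg, public_only),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The signature gives integrity and sender authentication but no confidentiality: the message itself is never encrypted by the signing step.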