Badly-worded questions
greyowl
I don't like griping but I have found several practice questions to be unclearly formulated or to have confusing spelling mistakes. One example:
1. Digital signatures for email messages are encrypted hash values that digitally sign the email to verify the sender. What is the signing part of the process?
a. Encrypting the message with someones private key
b. Encrypting the message with someones public key
c. Hashing the message with the systems private key
d. Hashing the message with the systems public key
The options should say "with one's ... key" or "with the sender's ... key" and not "with someones ... key". Also: use apostrophes!
For insecure candidates (especially of non-English mother tongue) correct wording and spelling is crucial!
Viktor (from Switzerland)
HÆLLRÆZOR
OMG everyone run. It's a grammar ****. noooo I can't use the word not si
RussS
Hello Viktor
I am afraid that if the wording of those questions is a concern for you then when you see the real exam you will be in a state of shock.
There are questions that can be interpreted many different ways and you have to try to decide exactly what Comptia wants for the answer as maybe 2 or more can be totally valid answers. There are also questions that are based on opinion - such as ... 'What is considered to be .....'
As far as I am concerned that is very wrong and should have no place in a technical exam. When I sit an exam I expect to be tested on knowledge and skills, but not my ability to figure out someone's thought pattern. However the exam is the way that it is and Comptia will not enter into discussion over the matter.
My concerns were so great over this that I wrote to our Ministry of Education to obtain an opinion. Their opinion was that based on feedback they have had over several Comptia exams that they would not fund students to study for them. That is a shame, but there were even more harsh comments made about several things regarding Comptia exams that I found interesting. I guess in the American marketplace they can do what they like as the government has no say in things like this, but in this country they would be made to correct things or shut down.
What totally annoys me is that through my experience in several different industries I am a strong advocate of industry training organisations and since moving into the IT field have become very much a believer in the security area.
infosecboy
My answer is B. and I would change the wording to "Encrypting the message with the recipient's public key".
tahjzhuan
It seems like a straightforward question to me...
I think the answer is c though
RussS
tahjzhuan - care to elaborate how you came to that conclusion?
antonio banderas
I would pick B.
When reviewing over the process, B seems like the correct choice. A is obviously wrong. C & D make no sense, I would cross out C & D...
skully93
Don't feel bad, most Americans who ONLY speak English still get confused.
I've heard that English is a tough language to get the hang of fluently because we have so many words for each thing, and so many implications based on how we say something (especially here in Texas!).
Hopefully the real exam will be better worded. Sometimes they do toss in some questions that are worded a bit different just to throw you off, so be wary and read ?'s several times if there's any confusion. There are many times that I got questions wrong simply because I didn't read it through properly.
RussS
LMAO - just like Cockney, Scouse, or New York twang Texan is a whole 'nother language
arthaxerxes
Hi to all the Cert Masters,
When I see all the certifications some of you guys have, I can't help but feel like a first grader.
Anyway I will sit for my Security+ in a week.
Normally that means I should know all the topics. But maybe I should consider rescheduling my exam 'cause based on what I've learnt the answer to the confusing question mentioned at the top would be A. Isn't it true that in Digital Signature, the sender creates a hash of the message and encrypts it with its own private key? Isn't this Encrypted Hash the definition of the Digital Signature?
I appreciate all the answers and will make a decision on whether I need to postpone my exam based on this.
Cheers.
tahjzhuan
How I interpreted this.
1. Digital signatures for email messages are encrypted hash values that digitally sign the email to verify the sender. What is the signing part of the process?
a. Encrypting the message with someones private key - You should not have access to someone's private key.
b. Encrypting the message with someones public key - Question is asking about the signing portion.
c. Hashing the message with the systems private key - Message may be signed, but not encrypted. Hash is still encrypted.
d. Hashing the message with the systems public key - That would defeat the non-repudiation aspect if the public key was used.
cyberguypr
I think this may be the best thread re-spawn ever at 10.5 years. Can we get fact-checked by those who have been around longer than I have?
cholland89
This question doesn't seem to have a correct answer listed. Digital signatures provide authentication, non-repudiation, and integrity. The message is hashed and the hash is encrypted with the sender's private key. The 'signing' action is the hash encryption with the sender's private key.
The problem with the answers is the following. A and B specify encrypting the message which isn't part of the digital signature and is a separate process.
Answers C and D specify hashing with a key. The hash is generated by a hashing algorithm given the message as input. There is not a 'key' component to the hashing process.
The correct answer would state:
e. Encrypting the hash with the sender's private key.
jvrlopez
First time I've seen a bump for a post older than 10 years...I was a sophomore in high school when this topic was made...
GForce75
Wow, this is old. I was in Fort Hood, TX in the rank of an Army Specialist (CPT now).
hurricane1091
Digital signature is a hash encrypted with the sender's private key. You can use the public key to decrypt the hash, then run a hash of the message and compare it to the hash in the digital signature. If all checks out you know that the message genuinely came from who it was supposed to.
Question is poorly worded.
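The hash-then-sign process discussed in this thread, as an added example that is not part of any poster's reply: a textbook RSA signature in Python showing that the hash step takes no key, that the private key is applied to the hash rather than to the message, and that verification uses the public key. The key material (two well-known Mersenne primes), the sample message and all function names are assumptions made for illustration; real signatures use randomly generated keys and a padding scheme.

```python
import hashlib

# Toy RSA key from two well-known Mersenne primes (assumption for this demo
# only: real keys use random primes and a padding scheme such as PSS).
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Hash the message. No key is involved in this step."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signing: apply the sender's private key to the hash, not the message."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover the hash with the public key and compare it to a fresh hash."""
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    mail = b"Meet at 10:00. -- Viktor"   # constructed sample message
    sig = sign(mail)                      # the mail itself stays in plaintext
    return {
        # Untouched message and its signature: accepted.
        "genuine": verify(mail, sig),
        # Same signature, altered message: hashes differ, rejected.
        "tampered": verify(b"Meet at 11:00. -- Viktor", sig),
        # Hash transformed with the PUBLIC exponent instead: rejected.
        "public_key_used": verify(mail, pow(digest(mail), E, N)),
    }


if __name__ == "__main__":
    print(demo())
```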