Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Question about CONFIDENTIAL and INTEGRAL transport-guarantee

 
Tyler Wright
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi folks,

below is the content of a question on one of the mock exams I have been taking:

Select all that are true:
A. Confidentiality can be defined as information is not made available or
disclosed to unauthorized persons or processes
B. The use of JSP pages ensures data confidentiality by default
C. Confidentiality can be ensured by the use of the SSL protocol
D. Confidentiality can be ensured by the use of the SHTTP protocol
E. Data integrity means that data is unchanged from its source and has
not been accidentally or maliciously modified

I answered: A, C, D, and E; however, the exam claims that the correct answers are only C and E.

My reasoning for the wrong answer is:
A: Confidentiality means the data is encryted; therefore even if intercepted, could not be "disclosed to
unauthorised persons or processes".
D: SHTTP is http over SSL.

Is my reasoning flawed or is the exam wrong?

thanks in advance,

 
Aarti Malhotra
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A,C and E seems correct answers amongst the options.
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SHTTP is http over SSL.

HTTPS is HTTP over SSL. There was a protocol named SHTTP for much the same purpose, but it died more than 10 years ago.
 
Chinmaya Chowdary
Ranch Hand
Posts: 434
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, Tyler.
A: Confidentiality means the data is encryted; therefore even if intercepted, could not be "disclosed to
unauthorised persons or processes".


The hackers can get the encrypted information, they may not decrypt(if most powerful cryptographic algorithms are used) but they can see the packets headers and can find, to which servers the most frequent packets are going. They can find the most bussiest servers in the network. They can identify the vulnerable points in the network. They can act upon the points and can make maximum possible damage .
 
vani venkat
Ranch Hand
Posts: 142
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I also chose option A:

confidentiality means not allowing others to see like credit card numbers etc .
integrity is not allowing others to change or tamper on the way request passes.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic