
550    Chapter 9 • Basis of Cryptography

             Exam Objectives

             Frequently Asked Questions



             The following Frequently Asked Questions, answered by the authors of this
             book, are designed to both measure your understanding of the Exam Objectives
             presented in this chapter, and to assist you with real-life implementation of
             these concepts.


             Q: Why does CompTIA place importance on knowing the basics of cryptography
                 algorithms for the Security+ exam?

             A: Just as information security is more than just keeping intruders out,
                 cryptography is more than just a simple set of equations that allow you to
                 conceal information. If you do not have a solid handle on the basics of
                 cryptography, you will not know when you have made an implementation error,
                 or how to spot one that someone else made. We have seen many different types
                 and applications of cryptography in this chapter, any one of which you may
                 run into.


             Q: Are the concepts of confidentiality, integrity, and authentication limited only to
                 cryptography?

             A: Absolutely not! The concepts of confidentiality and integrity are part of the
                 CIA principles and you will find them turning up often in information
                 security. In fact, a large portion of information security is concerned with
                 keeping information on a need-to-know basis (confidentiality) and making sure
                 that you can trust information that you have (integrity). A
                 non-cryptography-related example of each would be operating system access
                 controls, file system verification tools like Tripwire, and firewall rules.
                 That is not to say that authentication is not important, however. If you
                 cannot determine whether or not people or processes are who they claim to be,
                 your other security precautions become useless.


             Q: All of the algorithms looked at in this chapter are theoretically vulnerable in
                 some way, either by brute-force attacks or mathematical advances. Why are they
                 used?

             A: Although none of the algorithms in this chapter are 100 percent unbreakable,
                 they are an effective method for protecting confidential information. The main



