701 content question (answer for exam or job interview)

[Hank Cox]

If the question shown below were asked in a job interview, which answers would you advise students to select? Would your advice be the same if the question were on the 701 cert exam? Given the definition of "cryptographic algorithm" in the 701 manual, I don't know which answers would be scored as correct on the 701 exam.

Question:
Laws and regulations require your organization to use cryptographic algorithms to secure some data. Which of these are cryptographic algorithms? (Select all that apply)

Answers:
A. Hashing
B. Encoding
C. Decoding
D. Encryption
E. Decryption

 

[Mark Anthony Germanos]

D and E. Encryption and Decryption because the private key is not publicly available.

 

[Cyber Russ]

If the question shown below were asked in a job interview, which answers would you advise students to select? Would your advice be the same if the question were on the 701 cert exam? Given the definition of "cryptographic algorithm" in the 701 manual, I don't know which answers would be scored as correct on the 701 exam.

Question:
Laws and regulations require your organization to use cryptographic algorithms to secure some data. Which of these are cryptographic algorithms? (Select all that apply)

Answers:
A. Hashing
B. Encoding
C. Decoding
D. Encryption
E. Decryption

I would also go with D & E on this, as the other answers do not apply to the question.

 

[Hank Cox]

I agree that D & E are the two best answers. Hashing, encryption, and decryption algorithms are cryptographic algorithms. For example, PCI DSS requries securing data by using encryption and hashing algorithms. On a job or interview, I think students should answer: A. Hashing, D. Encryption, and E. Decryption.

Unfortunately, I don't know how to answer the question on the 701 certification exam. The 701 manual says “A cryptographic algorithm is the particular operations performed to encode or decode data.” CINers discussing this definition say that this content is inaccurate.

CIN SMEs here are following common industry usage of these terms. We apparently agree that encoding or decoding are not examples of cryptographic algorithms. However, if the author of the exam question uses CompTIA's definition of "cryptographic algorithm", we would all lose points on the exam.

Students using CompTIA's definition of "cryptographic algorithm" would think encoding and decoding are correct answers. However, if the author of the exam question follows common industry usage of the term "cryptographic algorithm", these students would all lose points on the exam.

How should we answer this student question: "If it is incorrect in the manual, do I need to give the incorrect answer on the exam?"

 

[Fanuel]

If the question shown below were asked in a job interview, which answers would you advise students to select? Would your advice be the same if the question were on the 701 cert exam? Given the definition of "cryptographic algorithm" in the 701 manual, I don't know which answers would be scored as correct on the 701 exam.

Question:
Laws and regulations require your organization to use cryptographic algorithms to secure some data. Which of these are cryptographic algorithms? (Select all that apply)

Answers:
A. Hashing
B. Encoding
C. Decoding
D. Encryption
E. Decryption

D and E are the correct answers in this scenario

 

[jasoneckert]

Technically hashing is also encryption - but it's 1-way encryption (i.e., you can obtain the original data from the hash).

 

[TechTrainer11]

I would counter this as the question is not what I would ask at an interview. An employer need to ask questions based on the application of knowledge in the work place. My question would be:
Which of the following would be MOST likely used to protect email and provide non-repudiation:
A, SSH
B, PGP
C, HTTPS
D, IPSec

And then ask Why? Or explain your answer?

 

[BrianFord]

If the question shown below were asked in a job interview, which answers would you advise students to select? Would your advice be the same if the question were on the 701 cert exam? Given the definition of "cryptographic algorithm" in the 701 manual, I don't know which answers would be scored as correct on the 701 exam.

Question:
Laws and regulations require your organization to use cryptographic algorithms to secure some data. Which of these are cryptographic algorithms? (Select all that apply)

Answers:
A. Hashing
B. Encoding
C. Decoding
D. Encryption
E. Decryption

Just an opinion but multiple choice questions (in my experience) generally don't work well in interview settings. Unless the options are yes and no. But note that yes and no questions also don't work well in assessing candidates in an interview setting.

If this were a question on a certification exam I'd suggest it's not a good question as none of the responses are algorithms.

 

[Gregory Childers]

If the question shown below were asked in a job interview, which answers would you advise students to select? Would your advice be the same if the question were on the 701 cert exam? Given the definition of "cryptographic algorithm" in the 701 manual, I don't know which answers would be scored as correct on the 701 exam.

Question:
Laws and regulations require your organization to use cryptographic algorithms to secure some data. Which of these are cryptographic algorithms? (Select all that apply)

Answers:
A. Hashing
B. Encoding
C. Decoding
D. Encryption
E. Decryption

None of the above. All five are processes. None are algorithms AES is an algorithm. ECC is an algorithm.

 

[jarrelrivera]

If the question shown below were asked in a job interview, which answers would you advise students to select? Would your advice be the same if the question were on the 701 cert exam? Given the definition of "cryptographic algorithm" in the 701 manual, I don't know which answers would be scored as correct on the 701 exam.

Question:
Laws and regulations require your organization to use cryptographic algorithms to secure some data. Which of these are cryptographic algorithms? (Select all that apply)

Answers:
A. Hashing
B. Encoding
C. Decoding
D. Encryption
E. Decryption

"There are three main types of cryptographic algorithms with different roles to play in the assurance of the security properties confidentiality, integrity, availability, and non-repudiation. These types are hashing algorithms and two types of encryption ciphers: symmetric and asymmetric."
Reference: The Official CompTIA Security+ Instructor Guide (Exam SY0-701), page 38, Topic 3A

With the help of Copilot, let’s explore the options:

1. Hashing (A): Yes, hashing is a cryptographic algorithm. It takes an input (often called a “message”) and produces a fixed-length string of characters, which is typically a hash value. Hash functions are commonly used for data integrity verification, password storage, and digital signatures.
2. Encoding (B): No, encoding is not a cryptographic algorithm. Encoding is a process that converts data from one format to another (e.g., converting text to binary or base64). It does not provide security or confidentiality.
3. Decoding ©: No, decoding is not a cryptographic algorithm either. Decoding is the reverse process of encoding, converting data back to its original format. It is not used for security purposes.
4. Encryption (D): Yes, encryption is a fundamental cryptographic technique. It transforms plaintext (original data) into ciphertext (encrypted data) using an encryption key. Only authorized parties with the correct decryption key can reverse the process and retrieve the original data.
5. Decryption (E): Yes, decryption complements encryption. It converts ciphertext back to plaintext using a decryption key. Decryption is essential for reading encrypted data.

In summary:

• Hashing ensures data integrity.
• Encryption provides confidentiality.
• Decryption allows authorized access to encrypted data.

Remember, these cryptographic techniques play crucial roles in securing sensitive information!