A lot of people walk into the SY0-701 exam able to recite that AES is symmetric and SHA-256 is a hash, and still lose points on the questions that actually matter. The reason is almost always the same: they treat hashing, encoding, and encryption as three flavors of "scrambling data," when the exam treats them as three answers to three completely different questions.
Get the distinction straight once and a whole category of questions stops being guesswork.
Encoding is about format, not secrecy
Encoding converts data from one representation to another so a system can store or move it cleanly. Base64 is the one you will see most. It turns binary into text that survives being pasted into an email header or a URL.
Here is the part people miss: encoding provides zero confidentiality. Anyone can reverse Base64 with a tool that ships on every operating system. There is no key. If a question describes credentials that were "Base64 encoded for safe transport" and asks whether they are protected, the answer is no. Encoding is reversible by design and needs no secret to undo.
When you see "encoding" in an answer choice for a question about protecting data, it is usually the distractor.
Hashing is one-way, and that is the whole point
A hash function takes input of any size and produces a fixed-length output. Feed the same input in and you get the same output every time. Change one character and the output looks completely different.
The property the exam cares about is that you cannot run a hash backward. You do not decrypt a hash to recover the original. That is why hashing shows up in two places:
- Integrity. Compare the hash of a file now against the hash you recorded earlier. If they match, the file was not altered.
- Password storage. Systems store the hash of your password, not the password itself. When you log in, they hash what you typed and compare.
If a question mentions verifying that a download was not tampered with, or storing passwords safely, hashing is the family you want. And if an answer choice says a hash was "decrypted," that choice is wrong on its face, because hashes are not encrypted and cannot be decrypted.
Expect the follow-up detail too. Salting adds random data before hashing so identical passwords do not produce identical hashes. Key stretching (bcrypt, PBKDF2, Argon2) deliberately makes hashing slow to blunt brute-force guessing. Those are the controls that turn a plain hash into safe password storage.
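To see the encoding and hashing behaviors side by side, here is an added Python example (not part of the original post) using only the standard library. The sample credentials, the function names, and the PBKDF2 round count are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ROUNDS = 200_000  # assumed work factor, chosen only for this example


def encode_credentials(user: str, password: str) -> str:
    """Base64-encode 'user:password'. This changes format, not secrecy."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_credentials(token: str) -> str:
    """Reverse the encoding. No key or secret is required."""
    return base64.b64decode(token).decode()


def file_digest(data: bytes) -> str:
    """SHA-256 digest: always 64 hex characters, whatever the input size."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, stretched hash for storage. Returns (salt, derived_hash)."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, derived


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Hash the login attempt with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    token = encode_credentials("alice", "Winter2024!")  # constructed sample
    print("encoded:", token, "-> decoded:", decode_credentials(token))

    print("sha256:", file_digest(b"installer v1.0"))
    print("sha256:", file_digest(b"installer v1.1"))  # one character changed

    salt_a, hash_a = hash_password("Winter2024!")
    salt_b, hash_b = hash_password("Winter2024!")
    print("same password, same stored hash?", hash_a == hash_b)
    print("login ok:", verify_password("Winter2024!", salt_a, hash_a))
```

Notice that verification never recovers the password: it hashes the attempt again with the stored salt and compares the results.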
Encryption is two-way and gated by a key
Encryption is the only one of the three built to provide confidentiality. You transform plaintext into ciphertext with a key, and only someone holding the right key can reverse it. Take the key away and the data is unreadable.
This is where symmetric versus asymmetric lives. Symmetric encryption (AES) uses the same key to lock and unlock, and it is fast. Asymmetric encryption (RSA, ECC) uses a public key and a private key, so it is slower but solves the problem of sharing a key with someone you have never met.
When a question is about keeping data unreadable to anyone without authorization, at rest or in transit, encryption is the answer. The presence of a key is the tell. Hashing has no key. Encoding has no key. If keys are in the story, you are in encryption territory.
The fast way to sort them under pressure
Ask two questions about whatever the scenario describes:
- Is there a key involved? If yes, it is encryption.
- If no key, can it be reversed at all? Reversible with no secret means encoding. Not reversible means hashing.
That two-step check resolves most of these questions in a few seconds, and it keeps you from falling for answer choices that use the right word in the wrong place. A "decrypted hash" and a "Base64 encrypted password" are both nonsense, and once the three ideas sit clean in your head, that nonsense jumps off the page.
If you want to see how the exam actually phrases these, working real practice questions beats rereading a definition ten more times. I built secplusmastery.com to drill exactly these distinctions, and there is a free diagnostic at secplusmastery.com/diagnostic that shows you fast whether hashing, encoding, and encryption are solid or still mushy.
Nail this trio and you walk in with a repeatable way to answer any question that throws all three at you together, which is most of the time.