If you can decode it, it was never encryption: untangling encoding, hashing, and encryption for Security+

Three words show up constantly on the SY0-701 exam and in real security work, and they get blended together more than almost anything else: encoding, hashing, and encryption. All three turn readable data into something that looks scrambled, so people treat them as interchangeable. The exam writes questions specifically to catch you doing that.

Here is the clean mental model that finally fixed it for me.

Encoding is for compatibility, not secrecy

Encoding changes the format of data so a system can store or transport it safely. Base64, URL encoding, and ASCII are encoding schemes. There is no key. Anyone who knows the scheme can reverse it instantly, and that is the entire point.

If a question shows Base64 and an answer choice says "the data is protected," that choice is wrong. Base64 is reversible by design. Attackers use it to slip payloads past simple filters, not to hide anything from someone competent. When a phishing attachment contains a Base64 blob, decoding it is step one of analysis, not a wall.