CompTIA Security Plus Mock Test Q1034

To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended?

A. SHA
B. MD5
C. Blowfish
D. AES


Correct Answer: D
Section: Cryptography

Explanation:
AES (Advanced Encryption Standard) has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES) which was published
in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is used to encrypt data, not to
verify data integrity.

Incorrect Answers:
A: The first version of SHA is from 1993. SHA is not as widespread as AES.
The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol.
This algorithm produces a 160-bit hash value.
B: MD5 is from 1992. Usage of MD5 is not as widespread as that of AES.
The Message Digest Algorithm (MD) also creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the
most common are MD5, MD4, and MD2.
C: Compared to AES Blowfish is newer and much less widespread.
Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variablelength
keys (from 32 bits to 448 bits).
The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most
common are MD5, MD4, and MD2.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256