CompTIA Security Plus Mock Test Q1037

A bank has a fleet of aging payment terminals used by merchants for transnational processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?

A. AES
B. 3DES
C. RC4
D. WPA2

Correct Answer: B
Section: Cryptography

Explanation:
3DES (Triple DES) is based on DES.
In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm symmetric-key block cipher, which applies the Data Encryption Standard (DES)
cipher algorithm three times to each data block. The electronic payment industry uses Triple DES and continues to develop and promulgate standards based upon it (e.g. EMV).
Microsoft OneNote, Microsoft Outlook 2007, and Microsoft System Center Configuration Manager 2012, use Triple DES to password protect user content and system data.

Incorrect Answers:
A: AES (Advanced Encryption Standard) has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES) which was
published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. DES and AES are
completely different whereas 3DES is based on DES. Therefore, upgrading the terminals to 3DES would be simpler.
C: RC4 is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS). DES and AES are different protocols used for
different purposes whereas 3DES is based on DES. Therefore, upgrading the terminals to 3DES would be simpler.
D: WPA2 (Wireless Protected Access 2) is used for securing wireless network connections. DES and WPA2 are different protocols used for different purposes whereas 3DES is based
on DES. Therefore, upgrading the terminals to 3DES would be simpler.

References:
http://en.wikipedia.org/wiki/Triple_DES
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 172-173, 250, 251, 255-256