CompTIA Security Plus Mock Test Q1054

An administrator has two servers and wants them to communicate with each other using a secure algorithm. Which of the following should the administrator choose to provide both CRC integrity checks and RCA encryption?

A. NTLM
B. RSA
C. CHAP
D. ECDHE


Correct Answer: D
Section: Cryptography

Explanation:
ECDHE provides both CRC integrity checks and RCA encryption.
Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE. It is the ephemeral component of each of these that provides the perfect forward secrecy.
Forward secrecy is a property of any key exchange system, which ensures that if one key is compromised, subsequent keys will not also be compromised. Perfect forward secrecy occurs when this process is unbreakable.

Incorrect Answers:
A: NTLM does not use RCA encryption.
Microsoft replaced the LANMAN protocol with NTLM (NT LAN Manager) with the release of Windows NT. NTLM uses MD4/MD5 hashing algorithms. Several versions of this protocol exist (NTLMv1, NTLMv2), and it is still in widespread use despite the fact that Microsoft has pointed to Kerberos as being its preferred authentication protocol.
B: RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. However, RSA does not use RCA encryption.
C: CHAP does use RCA encryption.
CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139, 143, 252, 254, 256