CompTIA Security Plus Mock Test Q1121

A security administrator must implement a secure key exchange protocol that will allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following MUST be implemented?

A. SHA-256
B. AES
C. Diffie-Hellman
D. 3DES

Correct Answer: C
Section: Cryptography

Explanation:
Diffie-Hellman key exchange (D-H) is a means of securely generating symmetric encryption keys across an insecure medium.

Incorrect Answers:
A: SHA-256 can be used to detect violations of data integrity. It will not, however, allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel.
B: AES is a specification for the encryption of electronic data. It will not, however, allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel.
D: 3DES is a symmetric-key algorithm for the encryption of electronic data. It will not, however, allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel.
