CompTIA Security Plus Mock Test Q1132

A system administrator wants to confidentially send a username and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal?

A. Digital signatures
B. Hashing
C. Full-disk encryption
D. Steganography


Correct Answer: D
Section: Cryptography

Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.
Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted
messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice
of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the
message.

Incorrect Answers:
A: A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender.
B: A hash function is used to map digital data of variable size to digital data of fixed length
C: Full-disk encryption would encrypt an entire volume, making the data inaccessible to an attacker who tries to bypass the computer’s security by booting another operating system. It
would not, however, allow a system administrator to confidentially send a user name and password list to an individual outside the company without the information being detected by
security controls.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 261, 290, 414
http://en.wikipedia.org/wiki/Steganography