CompTIA Security Plus Mock Test Q1666

An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files, the organization wants to ensure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange?

A. DES
B. Blowfish
C. DSA
D. Diffie-Hellman
E. 3DES

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1419

A programmer must write a piece of code to encrypt passwords and credit card information used by an online shopping cart. The passwords must be stored using one-way encryption, while credit card information must be stored using reversible encryption. Which of the following should be used to accomplish this task? (Select TWO)

A. SHA for passwords
B. 3DES for passwords
C. RC4 for passwords
D. AES for credit cards
E. MD5 for credit cards
F. HMAC for credit cards

Correct Answer: B,D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1048

Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).

A. RC4
B. 3DES
C. AES
D. MD5
E. PGP
F. Blowfish


Correct Answer: B,C,F
Section: Cryptography

Explanation:
B: Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
C: Advanced Encryption Standard (AES) is a block cipher that has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies.
F: Blowfish is an encryption system invented by a team led by Bruce Schneier. It is a 64-bit block cipher that runs at very fast speeds.

Incorrect Answers:
A: RC4 is a stream cipher, not a block cipher. It is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS).
D: MD5 is a hash function, not a block cipher. It is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number.
E: Pretty Good Privacy (PGP) is not a block cipher. It is a data encryption and decryption program that provides cryptographic privacy and authentication for data communication.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256, 272-273

CompTIA Security Plus Mock Test Q1038

Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?

A. ECC
B. RSA
C. SHA
D. 3DES

Correct Answer: D
Section: Cryptography

Explanation:
3DES would be less secure compared to ECC, but 3DES would require less computational power.
Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).

Incorrect Answers:
A: Elliptic Curve Cryptography (ECC) provides similar functionality to RSA but uses smaller key sizes to obtain the same level of security. ECC encryption systems are based on the idea of using points on a curve combined with a point at infinity and the difficulty of solving discrete logarithm problems.
B: The RSA algorithm is an early public-key encryption system that uses large integers as the basis for the process. RSA encryption and decryption would require more computation compared to 3DES.
C: SHA is not an encryption algorithm. The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 253, 255, 255-256

CompTIA Security Plus Mock Test Q1037

A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?

A. AES
B. 3DES
C. RC4
D. WPA2

Correct Answer: B
Section: Cryptography

Explanation:
3DES (Triple DES) is based on DES.
In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. The electronic payment industry uses Triple DES and continues to develop and promulgate standards based upon it (e.g. EMV).
Microsoft OneNote, Microsoft Outlook 2007, and Microsoft System Center Configuration Manager 2012 use Triple DES to password-protect user content and system data.

Incorrect Answers:
A: AES (Advanced Encryption Standard) has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES) which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. DES and AES are completely different whereas 3DES is based on DES. Therefore, upgrading the terminals to 3DES would be simpler.
C: RC4 is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS). DES and AES are different protocols used for different purposes whereas 3DES is based on DES. Therefore, upgrading the terminals to 3DES would be simpler.
D: WPA2 (Wireless Protected Access 2) is used for securing wireless network connections. DES and WPA2 are different protocols used for different purposes whereas 3DES is based on DES. Therefore, upgrading the terminals to 3DES would be simpler.

References:
http://en.wikipedia.org/wiki/Triple_DES
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 172-173, 250, 251, 255-256

CompTIA Security Plus Mock Test Q1036

Which of the following are restricted to 64-bit block sizes? (Select TWO).

A. PGP
B. DES
C. AES256
D. RSA
E. 3DES
F. AES

Correct Answer: B,E
Section: Cryptography

Explanation:
B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It’s based on a 56-bit key and has several modes that offer security and integrity. It is now considered insecure because of the small key size.
E: Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).

Incorrect Answers:
A: International Data Encryption Algorithm (IDEA) was developed by a Swiss consortium. It’s an algorithm that uses a 128-bit key. This product is similar in speed and capability to DES, but it’s more secure. IDEA is used in Pretty Good Privacy (PGP), a public domain encryption system used by many for email.
C: AES256 (also often written as AES-256) uses 256 bits instead of 128.
D: RSA is not restricted to 64-bit keys. 1024 and 2048 bit keys can be used, for example.
F: AES supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256, 272-273

CompTIA Security Plus Mock Test Q1035

Which of the following provides additional encryption strength by repeating the encryption process with additional keys?

A. AES
B. 3DES
C. TwoFish
D. Blowfish

Correct Answer: B
Section: Cryptography

Explanation:
Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).

Incorrect Answers:
A: Advanced Encryption Standard (AES) has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies. It supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.
C: Twofish is quite similar to Blowfish and works on 128-bit blocks.
D: Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits).

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256