CompTIA Security Plus Mock Test Q1748

An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement?

A. GMAC
B. PCBC
C. CBC
D. GCM
E. CFB

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1419

A programmer must write a piece of code to encrypt passwords and credit card information used by an online shopping cart. The passwords must be stored using one-way encryption, while credit card information must be stored using reversible encryption. Which of the following should be used to accomplish this task? (Select TWO)

A. SHA for passwords
B. 3DES for passwords
C. RC4 for passwords
D. AES for credit cards
E. MD5 for credit cards
F. HMAC for credit cards

Correct Answer: B,D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1316

The security administration team at a company has been tasked with implementing a data-at-rest solution for its company storage. Due to the large amount of storage the Chief Information Officer (CISO) decides that a 128-bit cipher is needed but the CISO also does not want to degrade system performance any more than necessary. Which of the following encryptions needs BOTH of these needs?

A. SHA1
B. DSA
C. AES
D. 3DES

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1048

Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).

A. RC4
B. 3DES
C. AES
D. MD5
E. PGP
F. Blowfish


Correct Answer: B,C,F
Section: Cryptography

Explanation:
B: Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard
(DES) cipher algorithm three times to each data block.
C: Advanced Encryption Standard (AES) is a block cipher that has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and
Vincent Rijmen. AES is the current product used by U.S. governmental agencies.
F: Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds.

Incorrect Answers:
A: RC4 is a stream cipher, not a block cipher. It is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS).
D: MD5 is a hash function not a block cipher. It is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit
hexadecimal number.
E: Pretty Good Privacy (PGP) is not a block cipher. It is a data encryption and decryption program that provides cryptographic privacy and authentication for data communication

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256, 272-273

CompTIA Security Plus Mock Test Q1036

Which of the following are restricted to 64-bit block sizes? (Select TWO).

A. PGP
B. DES
C. AES256
D. RSA
E. 3DES
F. AES

Correct Answer: B,E
Section: Cryptography

Explanation:
B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It’s based on a
56-bit key and has several modes that offer security and integrity. It is now considered insecure because of the small key size.
E: Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to
break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).

Incorrect Answers:
A: International Data Encryption Algorithm (IDEA) was developed by a Swiss consortium. It’s an algorithm that uses a 128-bit key.
This product is similar in speed and capability to DES, but it’s more secure. IDEA is used in Pretty Good Privacy (PGP), a public domain encryption system used by many for email.
C: AES256 (also often written as AES-256) uses 256 bits instead of 128.
D: RSA is not restricted to 64-bit keys. 1024 and 2048 bit keys can be used, for example.
F: AES supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256, 272-273

CompTIA Security Plus Mock Test Q1035

Which of the following provides additional encryption strength by repeating the encryption process with additional keys?

A. AES
B. 3DES
C. TwoFish
D. Blowfish

Correct Answer: B
Section: Cryptography

Explanation:
Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break
than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).

Incorrect Answers:
A: Advanced Encryption Standard (AES) has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is
the current product used by U.S. governmental agencies.
It supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.
C: Twofish is quite similar to Blowfish and works on 128-bit blocks.
D: Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use
variable-length keys (from 32 bits to 448 bits).

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256

CompTIA Security Plus Mock Test Q1034

To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended?

A. SHA
B. MD5
C. Blowfish
D. AES


Correct Answer: D
Section: Cryptography

Explanation:
AES (Advanced Encryption Standard) has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES) which was published
in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is used to encrypt data, not to
verify data integrity.

Incorrect Answers:
A: The first version of SHA is from 1993. SHA is not as widespread as AES.
The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol.
This algorithm produces a 160-bit hash value.
B: MD5 is from 1992. Usage of MD5 is not as widespread as that of AES.
The Message Digest Algorithm (MD) also creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the
most common are MD5, MD4, and MD2.
C: Compared to AES Blowfish is newer and much less widespread.
Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variablelength
keys (from 32 bits to 448 bits).
The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most
common are MD5, MD4, and MD2.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256

CompTIA Security Plus Mock Test Q1033

Which of the following can be implemented with multiple bit strength?

A. AES
B. DES
C. SHA-1
D. MD5
E. MD4


Correct Answer: A
Section: Cryptography

Explanation:
AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits.

Incorrect Answers:
B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It’s based on a
56-bit key and has several modes that offer security and integrity.
C: The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption
protocol. This algorithm produces a 160-bit hash value. SHA-2 has several sizes: 224, 256, 334, and 512 bit.
D: The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most
common are MD5, MD4, and MD2. MD5 is the newest version of the algorithm. It produces a 128-bit hash, but the algorithm is more complex than its predecessors and offers greater
security.
E: The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256

CompTIA Security Plus Mock Test Q717

An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?

A. The malicious user has access to the WPA2-TKIP key.
B. The wireless access point is broadcasting the SSID.
C. The malicious user is able to capture the wired communication.
D. The meeting attendees are using unencrypted hard drives.


Correct Answer: C
Section: Threats and Vulnerabilities

Explanation:
In this question, the wireless users are using WPA2-TKIP. While TKIP is a weak encryption protocol, it is still an encryption protocol. Therefore, the wireless communications between
the laptops and the wireless access point are encrypted.
The question states that user was able to intercept ‘clear text’ HTTP communication between the meeting attendees and the Internet. The HTTP communications are unencrypted as
they travel over the wired network. Therefore, the malicious user must have been able to capture the wired communication.
TKIP and AES are two different types of encryption that can be used by a Wi-Fi network. TKIP stands for “Temporal Key Integrity Protocol.” It was a stopgap encryption protocol
introduced with WPA to replace the very-insecure WEP encryption at the time. TKIP is actually quite similar to WEP encryption. TKIP is no longer considered secure, and is now
deprecated.

Incorrect Answers:
A: TKIP provides a rekeying mechanism which ensures that every data packet is sent with a unique encryption key. Therefore, having a WPA2-TKIP key would not enable the user to
decrypt the data. Furthermore, if the wireless communications were captured, they would still be encrypted. This question states that the user was able to intercept ‘clear text’ (nonencrypted)
HTTP communication.
B: The wireless access point broadcasting the SSID would not enable interception of clear text HTTP communication between the meeting attendees and the Internet.
D: The meeting attendees using unencrypted hard drives would not enable interception of clear text HTTP communication between the meeting attendees and the Internet. The
communication was intercepted between the laptops and the Internet. It was not read from the hard drives.

References:

Wi-Fi Security: Should You Use WPA2-AES, WPA2-TKIP, or Both?