CompTIA Security Plus Mock Test Q1666

An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files, the organization wants to ensure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange?

A. DES
B. Blowfish
C. DSA
D. Diffie-Hellman
E. 3DES

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1262

An administrator would like to utilize encryption that has comparable speed and strength to the AES cipher without using AES itself. The cipher should be able to operate in the same modes as AES and utilize the same minimum bit strength. Which of the following algorithms should the administrator select?

A. RC4
B. Rijndael
C. SHA
D. TwoFish
E. 3DES

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1134

A software developer utilizes cryptographic functions to generate codes that verify message integrity. Due to the nature of the data that is being sent back and forth from the client application to the server, the developer would like to change the cryptographic function to one that verifies both authentication and message integrity. Which of the following algorithms should the software developer utilize?

A. HMAC
B. SHA
C. Two Fish
D. RIPEMD

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1127

When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?

A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing

Correct Answer: C
Section: Cryptography

Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. Asymmetric algorithms do not require a secure channel for the initial exchange of secret keys between the parties.

Incorrect Answers:
A: A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender.
B: Symmetric encryption would not in itself help on an unsecure channel.
D: Hashing is used to prove the integrity of data to prove that it hasn’t been modified.

References:
https://en.wikipedia.org/wiki/Public-key_cryptography
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 249-251, 256, 261, 291

CompTIA Security Plus Mock Test Q1126

A technician wants to verify the authenticity of the system files of a potentially compromised system. Which of the following can the technician use to verify if a system file was compromised? (Select TWO).

A. AES
B. PGP
C. SHA
D. MD5
E. ECDHE
Correct Answer: C,D
Section: Cryptography

Explanation:
Hashing is used to prove the integrity of data to prove that it hasn’t been modified. Hashing algorithms are used to derive a key mathematically from a message. The most common hashing standards for cryptographic applications are the SHA and MD algorithms.

Incorrect Answers:
A: AES is not a hashing algorithm.
B: PGP is not a hashing algorithm.
E: ECDHE is not a hashing algorithm.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 255, 256

CompTIA Security Plus Mock Test Q1060

Recent data loss on financial servers due to security breaches forced the system administrator to harden their systems. Which of the following algorithms with transport encryption would be implemented to provide the MOST secure web connections to manage and access these servers?

A. SSL
B. TLS
C. HTTP
D. FTP
Correct Answer: B
Section: Cryptography

Explanation:
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL in the future. TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As of February 2015, the latest versions of all major web browsers support TLS 1.0, 1.1, and 1.2, and have them enabled by default.

Incorrect Answers:
A: As of 2014 the 3.0 version of SSL is considered insecure as it is vulnerable to the POODLE attack that affects all block ciphers in SSL; and RC4, the only non-block cipher supported by SSL 3.0, is also feasibly broken as used in SSL 3.0.
C: The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is not a transport protocol.
D: The File Transfer Protocol (FTP) is not a transport layer protocol. FTP is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 75, 268-269

CompTIA Security Plus Mock Test Q1057

Which of the following algorithms has well documented collisions? (Select TWO).

A. AES
B. MD5
C. SHA
D. SHA-256
E. RSA

Correct Answer: B,C
Section: Cryptography

Explanation:
B: MD5's biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use.
C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, “Federal agencies should stop using SHA-1 for…applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010”, though that was later relaxed.
Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.
Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA-1 in particular both have published techniques more efficient than brute force for finding collisions.

Incorrect Answers:
A: AES has much fewer hash collisions compared to both MD5 and SHA.
D: SHA-256 (also known as SHA-2) has much fewer hash collisions compared to both MD5 and SHA.
E: RSA has much fewer hash collisions compared to both MD5 and SHA.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 252, 255, 255-256

CompTIA Security Plus Mock Test Q1048

Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).

A. RC4
B. 3DES
C. AES
D. MD5
E. PGP
F. Blowfish
Correct Answer: B,C,F
Section: Cryptography

Explanation:
B: Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
C: Advanced Encryption Standard (AES) is a block cipher that has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies.
F: Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds.

Incorrect Answers:
A: RC4 is a stream cipher, not a block cipher. It is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS).
D: MD5 is a hash function, not a block cipher. It is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number.
E: Pretty Good Privacy (PGP) is not a block cipher. It is a data encryption and decryption program that provides cryptographic privacy and authentication for data communication.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256, 272-273

CompTIA Security Plus Mock Test Q1040

Which of the following cryptographic algorithms is MOST often used with IPSec?

A. Blowfish
B. Twofish
C. RC4
D. HMAC
Correct Answer: D
Section: Cryptography

Explanation:
The HMAC-MD5-96 (also known as HMAC-MD5) encryption technique is used by IPSec to make sure that a message has not been altered.

Incorrect Answers:
A: Blowfish can be used with IPSec but not as often as HMAC.
B: Twofish, a variant of Blowfish, can be used with IPSec but not as often as HMAC.
C: RC4 is popular with wireless and WEP/WPA encryption. IPSec can use HMAC-MD5 for data integrity.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139, 250, 251, 255-256, 260

CompTIA Security Plus Mock Test Q1006

Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.

A. Public keys, one time
B. Shared keys, private keys
C. Private keys, session keys
D. Private keys, public keys
Correct Answer: D
Section: Cryptography

Explanation:
Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key.
In more detail:
* Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn’t disclosed to people who aren’t authorized to use the encryption system.
* Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

Incorrect Answers:
A: Symmetric encryption uses private keys, not public keys.
B: Symmetric encryption uses private keys, not shared keys.
C: Asymmetric encryption does not use session keys, it uses a public key to encrypt data.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 251, 262