CompTIA Security Plus Mock Test Q1480

An administrator is implementing a security control that only permits the execution of allowed programs. Which of the following are cryptography concepts that should be used to identify the allowed programs? (Select two.)

A. Digital signatures
B. Hashing
C. Asymmetric encryption
D. OpenID
E. Key escrow

Correct Answer: A,B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1133

Protecting the confidentiality of a message is accomplished by encrypting the message with which of the following?

A. Sender’s private key
B. Recipient’s public key
C. Sender’s public key
D. Recipient’s private key

Correct Answer: B
Section: Cryptography

Explanation:
To achieve both authentication and confidentiality, the sender should include the recipient’s name in the message, sign it using his private key, and then encrypt both the message and
the signature using the recipient’s public key.

Incorrect Answers:
A: The sender’s private key is used to generate a digital signature, which is used for authentication.
C: The sender’s public key is not used for encrypting the message.
D: The recipient’s private key is used to decrypt the message.

References:
https://en.wikipedia.org/wiki/Public-key_cryptography

CompTIA Security Plus Mock Test Q1132

A system administrator wants to confidentially send a username and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal?

A. Digital signatures
B. Hashing
C. Full-disk encryption
D. Steganography


Correct Answer: D
Section: Cryptography

Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.
Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted
messages, no matter how unbreakable, will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice
of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the
message.

Incorrect Answers:
A: A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender.
B: A hash function is used to map digital data of variable size to digital data of fixed length.
C: Full-disk encryption would encrypt an entire volume, making the data inaccessible to an attacker who tries to bypass the computer’s security by booting another operating system. It
would not, however, allow a system administrator to confidentially send a user name and password list to an individual outside the company without the information being detected by
security controls.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 261, 290, 414
http://en.wikipedia.org/wiki/Steganography

CompTIA Security Plus Mock Test Q1128

A small company wants to employ PKI. The company wants a cost effective solution that must be simple and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST option?

A. PGP, because it employs a web-of-trust that is the most trusted form of PKI.
B. PGP, because it is simple to incorporate into a small environment.
C. X.509, because it uses a hierarchical design that is the most trusted form of PKI.
D. X.509, because it is simple to incorporate into a small environment.

Correct Answer: B
Section: Cryptography

Explanation:
PGP is easier to use and set up than the corporate PKI model, but it is also less robust when it comes to issues like authentication and trust. However, the full benefits of public key
cryptography are still obtained.

Incorrect Answers:
A: The web of trust method used by PGP forces users to trust someone’s entire keyring regardless of whether the user only really trusts the owner of the keyring. It is therefore not the
most trusted form of PKI.
C: Because of its hierarchical design, X.509 is not a simple, cost effective solution.
D: Because of its hierarchical design, X.509 is not a simple, cost effective solution.

References:
http://www.math.ucsd.edu/~crypto/students/PGP.html
https://en.wikipedia.org/wiki/X.509

CompTIA Security Plus Mock Test Q1127

When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?

A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing

Correct Answer: C
Section: Cryptography

Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. Asymmetric algorithms do not require a
secure channel for the initial exchange of secret keys between the parties.

Incorrect Answers:
A: A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender.
B: Symmetric encryption would not in itself help on an insecure channel, because the shared key must first be exchanged.
D: Hashing is used to prove the integrity of data, i.e. that it hasn’t been modified.

References:
https://en.wikipedia.org/wiki/Public-key_cryptography
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 249-251, 256, 261, 291

CompTIA Security Plus Mock Test Q1124

Joe, a user, wants to protect sensitive information stored on his hard drive. He uses a program that encrypts the whole hard drive. Once the hard drive is fully encrypted, he uses the same program to create a hidden volume within the encrypted hard drive and stores the sensitive information within the hidden volume. This is an example of which of the following? (Select TWO).

A. Multi-pass encryption
B. Transport encryption
C. Plausible deniability
D. Steganography
E. Transitive encryption
F. Trust models


Correct Answer: C,D
Section: Cryptography

Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. In this case, it is a hidden volume within the encrypted hard
drive.
In cryptography, deniable encryption may be used to describe steganographic techniques, where the very existence of an encrypted file or message is deniable in the sense that an
adversary cannot prove that an encrypted message exists. This then provides you with plausible deniability.

Incorrect Answers:
A: Multi-pass encryption is not a valid encryption type.
B: Transport encryption is the process of encrypting data ready to be transmitted over an insecure network.
E: Transitive trust is a concept found in trust models; it is not an encryption type.
F: A trust model is a collection of rules that informs an application how to decide the legitimacy of a digital certificate.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 136, 248
https://en.wikipedia.org/wiki/Plausible_deniability#Use_in_cryptography
https://technet.microsoft.com/en-us/library/cc962065.aspx

CompTIA Security Plus Mock Test Q1123

A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal?

A. AES
B. IPSec
C. PGP
D. SSH


Correct Answer: D
Section: Cryptography

Explanation:
With SSH you can use automatically generated public-private key pairs to encrypt a network connection, and then use password authentication to log on. Or you can use a manually
generated public-private key pair to perform the authentication, allowing users or programs to log in without having to specify a password.

Incorrect Answers:
A: AES is an algorithm used in symmetric key cryptography. Symmetric or secret-key ciphers use the same key for encrypting and decrypting. This means that there is only one key,
not a key pair.
B: IPSec provides secure authentication and encryption of data and headers for LAN-to-LAN connections.
C: Pretty Good Privacy (PGP) is mainly used for message encryption.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 91, 272
https://en.wikipedia.org/wiki/Secure_Shell
http://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard

CompTIA Security Plus Mock Test Q1120

RC4 is a strong encryption protocol that is generally used with which of the following?

A. WPA2 CCMP
B. PEAP
C. WEP
D. EAP-TLS

Correct Answer: C
Section: Cryptography

Explanation:
Rivest Cipher 4 (RC4) is a 128-bit stream cipher used in WEP and WPA encryption.

Incorrect Answers:
A: Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) was created to replace WEP and TKIP/WPA, and is based on the Advanced Encryption
Standard (AES) encryption scheme.
B: PEAP (Protected Extensible Authentication Protocol) fully encapsulates EAP and is designed to work within a TLS (Transport Layer Security) tunnel that is authenticated and may also
be encrypted.
D: EAP-TLS is the Extensible Authentication Protocol that makes use of Transport Layer Security protocol for authentication.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 62, 366

CompTIA Security Plus Mock Test Q1118

In order to use a two-way trust model the security administrator MUST implement which of the following?

A. DAC
B. PKI
C. HTTPS
D. TPM


Correct Answer: B
Section: Cryptography

Explanation:
PKI is a high level concept. Within a PKI you use a trust model to set up trust between Certification Authorities (CAs).
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

Incorrect Answers:
A: DAC cannot be used to set up trust models.
Discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria “as a means of restricting access to objects based on the
identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission
(perhaps indirectly) on to any other subject (unless restrained by mandatory access control)”.
C: HTTPS is just a protocol. You cannot use HTTPS to set up trust models.
HTTPS is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet.
D: Trusted Platform Module (TPM) cannot be used to set up trust models.
A TPM can be used to assist with hash key generation. TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. TPM can be used to protect
smart phones and devices other than PCs as well. It can also be used to generate values used with whole disk encryption such as BitLocker.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 150, 151-152, 237, 274, 279-285, 290

CompTIA Security Plus Mock Test Q1114

Which of the following allows an organization to store a sensitive PKI component with a trusted third party?

A. Trust model
B. Public Key Infrastructure
C. Private key
D. Key escrow


Correct Answer: D
Section: Cryptography

Explanation:
Sensitive PKI data, such as private keys, can be placed in key escrow. The escrowed keys can be kept with a trusted third party.
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access
to those keys. These third parties may include businesses, who may want access to employees’ private communications, or governments, who may wish to be able to view the
contents of encrypted communications.

Incorrect Answers:
A: A trust model is a collection of rules that informs an application how to decide the legitimacy of a digital certificate. A trust model cannot store sensitive information.
B: A PKI cannot store sensitive information.
The Public-Key Infrastructure (PKI) is intended to offer a means of providing security to messages and transactions on a grand scale. The need for universal systems to support e-commerce,
secure transactions, and information privacy is one aspect of the issues being addressed with PKI.
C: A private key is a secret key. It is not used to store sensitive information with a third party.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 262, 279-285, 285-289