CompTIA Security Plus Mock Test Q1503

A security administrator needs to implement a technology that creates a secure key exchange. Neither party involved in the key exchange will have pre-existing knowledge of one another. Which of the following technologies would allow for this?

A. Blowfish
B. NTLM
C. Diffie-Hellman
D. CHAP
Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1342

A security administrator wishes to implement a method of generating encryption keys from user passwords to enhance account security. Which of the following would accomplish this task?

A. NTLMv2
B. Blowfish
C. Diffie-Hellman
D. PBKDF2

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1264

An SSL session is taking place. After the handshake phase has been established and the cipher has been selected, which of the following are being used to secure data in transport? (Select TWO)

A. Symmetrical encryption
B. Ephemeral Key generation
C. Diffie-Hellman
D. AES
E. RSA
F. Asymmetrical encryption

Correct Answer: C,E
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1199

An agent wants to create fast and efficient cryptographic keys to use with Diffie-Hellman without using prime numbers to generate the keys. Which of the following should be used?

A. Elliptic curve cryptography
B. Quantum cryptography
C. Public key cryptography
D. Symmetric cryptography

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1121

A security administrator must implement a secure key exchange protocol that will allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following MUST be implemented?

A. SHA-256
B. AES
C. Diffie-Hellman
D. 3DES

Correct Answer: C
Section: Cryptography

Explanation:
Diffie-Hellman key exchange (D-H) is a means of securely generating symmetric encryption keys across an insecure medium.

Incorrect Answers:
A: SHA-256 can be used to detect violations of data integrity. It will not, however, allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel.
B: AES is a specification for the encryption of electronic data. It will not, however, allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel.
D: 3DES is a symmetric-key algorithm for the encryption of electronic data. It will not, however, allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 336
https://en.wikipedia.org/wiki/SHA-2
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
https://en.wikipedia.org/wiki/Triple_DES

CompTIA Security Plus Mock Test Q1053

A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company’s server over a public unencrypted communication channel. Which of the following implements the required secure key negotiation? (Select TWO).

A. PBKDF2
B. Symmetric encryption
C. Steganography
D. ECDHE
E. Diffie-Hellman
Correct Answer: D,E
Section: Cryptography

Explanation:
Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or better yet, to derive another key which can then be used to encrypt subsequent communications using a symmetric key cipher. It is a variant of the Diffie–Hellman protocol using elliptic curve cryptography.
Note: Adding an ephemeral key to Diffie-Hellman turns it into DHE (which, despite the order of the acronym, stands for Ephemeral Diffie-Hellman). Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE (again, overlook the order of the acronym letters; it is called Ephemeral Elliptic Curve Diffie-Hellman). It is the ephemeral component of each of these that provides the perfect forward secrecy.

Incorrect Answers:
A: PBKDF2 is used to strengthen keys, but it would not resolve the problem of key exchange over an unsecure channel.
PBKDF2 (Password-Based Key Derivation Function 2) is part of PKCS #5 v. 2.01. It applies some function (such as a hash or HMAC) to the password or passphrase along with a salt to produce a derived key.
B: Symmetric encryption would not in itself help on an unsecure channel.
C: Steganography is the process of hiding one message in another. Steganography is not used for secure key negotiation.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 248, 249-251, 254, 256