An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After undergoing several audits, the owner determined that current levels of non-repudiation were insufficient. Which of the following capabilities would be MOST appropriate to consider implementing in response to the new requirement?
A. Transitive trust B. Symmetric encryption C. Two-factor authentication D. Digital signatures E. One-time passwords
Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the following can be implemented to enable users to share encrypted data while abiding by company policies?
A. Key escrow B. Digital signatures C. PKI D. Hashing
A company is implementing a system to transfer direct deposit information to a financial institution. One of the requirements is that the financial institution must be certain that the deposit amounts within the file have not been changed. Which of the following should be used to meet the requirement?
A. Key escrow B. Perfect forward secrecy C. Transport encryption D. Digital signatures E. File encryption
An administrator is implementing a security control that only permits the execution of allowed programs. Which of the following are cryptography concepts that should be used to identify the allowed programs? (Select two.)
A. Digital signatures B. Hashing C. Asymmetric encryption D. OpenID E. Key escrow
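The allowlisting question above, and the direct deposit question before it, both rely on the same property of a hash: a fixed-length fingerprint that changes whenever the input changes. The following Go program is an added example (not part of the original question set) that shows a hash-keyed program allowlist and a file integrity check built on SHA-256. The program contents, file contents and names are constructed stand-ins, and the `Allowlist`, `Permit` and `IntegrityOK` names are this example's own.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"sort"
)

// Digest returns the lowercase hex SHA-256 of data. The same input always
// yields the same digest, and any change to the input yields a different one.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Allowlist maps the digest of each approved program to a display name.
// Digests are computed from vetted binaries at approval time; at run time
// only the fingerprint is trusted, never the file name.
type Allowlist map[string]string

// Approve records a vetted program and returns its digest.
func (a Allowlist) Approve(name string, program []byte) string {
	d := Digest(program)
	a[d] = name
	return d
}

// Permit reports whether program may run. Only a byte-for-byte match with an
// approved digest is allowed, so a patched copy is rejected even if it keeps
// the original file name.
func (a Allowlist) Permit(program []byte) (string, bool) {
	name, ok := a[Digest(program)]
	return name, ok
}

// IntegrityOK recomputes the digest of a received file and compares it in
// constant time with the digest the sender published out of band. This
// detects corruption or modification of the file, but a bare hash cannot
// prove who sent it: whoever can replace the file can also replace the hash,
// which is why non-repudiation needs a digital signature (hash + private key).
func IntegrityOK(received []byte, publishedHex string) bool {
	return subtle.ConstantTimeCompare([]byte(Digest(received)), []byte(publishedHex)) == 1
}

func main() {
	// Constructed stand-ins for program binaries (no real executables involved).
	al := Allowlist{}
	al.Approve("payroll.exe", []byte("payroll v1.0 binary"))
	al.Approve("report.exe", []byte("report v2.3 binary"))

	candidates := map[string][]byte{
		"payroll.exe":           []byte("payroll v1.0 binary"),
		"payroll.exe (patched)": []byte("payroll v1.0 binary + unauthorized patch"),
		"unknown.exe":           []byte("never vetted"),
	}
	names := make([]string, 0, len(candidates))
	for n := range candidates {
		names = append(names, n)
	}
	sort.Strings(names)
	for _, n := range names {
		_, ok := al.Permit(candidates[n])
		fmt.Printf("%-24s allowed=%v\n", n, ok)
	}

	// Constructed direct deposit record and the digest the sender published.
	deposits := []byte("acct=1234 amount=1500.00\n")
	published := Digest(deposits)
	fmt.Println("deposit file intact:", IntegrityOK(deposits, published))
	fmt.Println("after edit intact:  ", IntegrityOK([]byte("acct=1234 amount=9500.00\n"), published))
}
```

Run it with `go run` and the patched and unknown programs are rejected while the approved one passes; editing the deposit amount makes the published digest fail to match.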
Digital Signatures provide which of the following?
A. Confidentiality B. Authorization C. Integrity D. Authentication E. Availability
Correct Answer: C Section: Cryptography
A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender.
A: A cryptographic system would be needed to provide Confidentiality.
B: Digital signatures are not used for authorization.
D: A digital signature is one method of verifying authenticity, but there are other methods as well.
E: Digital signatures are not helpful in providing availability.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 414
Which of the following concepts is used by digital signatures to ensure integrity of the data?
A. Non-repudiation B. Hashing C. Transport encryption D. Key escrow
Correct Answer: B Section: Cryptography
Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidentally, in transit.
A: Regarding digital security, the cryptographic meaning and application of non-repudiation shifts to mean:
- A service that provides proof of the integrity and origin of data.
- An authentication that can be asserted to be genuine with high assurance.
C: Digital signatures are not implemented through transport encryption.
D: Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 249, 255, 261, 262
A company’s employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?
A. Spam filter B. Digital signatures C. Antivirus software D. Digital certificates
Correct Answer: B Section: Threats and Vulnerabilities
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document.
The digital equivalent of a handwritten signature or stamped seal, but offering far more inherent security, a digital signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide the added assurances of evidence to origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer.
Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash — along with other information, such as the hashing algorithm — is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.
A: A spam filter is used to detect and block spam email. All inbound (and sometimes outbound) email is passed through the spam filter to detect spam emails. The spam emails are then discarded or tagged as potential spam according to the spam filter configuration. A spam filter is not used to guarantee the integrity of an email.
C: Anti-virus software is software installed on a computer to protect against viruses. An anti-virus program will scan files on the hard drive and scan files as they are accessed to see if the files contain a potential threat. Anti-virus software is not used to guarantee the integrity of an email.
D: In cryptography, a digital certificate is an electronic document that uses a digital signature to bind together a public key with an identity – for example, the name of an organization, etc. The certificate is used to confirm that a public key belongs to a specific organization.
Digital certificates are used to verify the trustworthiness of a website, while digital signatures are used to verify the trustworthiness of information. In the case of digital certificates, an organization may only trust a site if the digital certificates are issued by the organization itself or by a trusted certification source, like Verisign Inc. But, this doesn’t necessarily mean that the content of the site can be trusted; a trusted site may be infiltrated by a hacker who modifies the site’s content.
A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?
A. Encryption B. Digital signatures C. Steganography D. Hashing E. Perfect forward secrecy
Correct Answer: B Section: Compliance and Operational Security
A digital signature is an electronic mechanism to prove that a message was sent from a specific user (that is, it provides for non-repudiation) and that the message wasn’t changed while in transit (it also provides integrity). Thus, digital signatures meet the stated requirements.
A: Encryption ensures that a message will not be changed during data transfer and will thus provide integrity, not non-repudiation.
C: Steganography is actually the process of hiding messages within messages. This will not meet the requirements.
D: Hashing is the numeric representation of the data in question to check whether the integrity of the data has been violated. It is similar to a type of cryptography. This will not meet the requirements on non-repudiation.
E: Perfect forward secrecy is a way of making sure that the compromise of an entity’s digital certificates does not compromise the security of any session’s keys.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 149, 323-325
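The two explanations above (the spear phishing case, where employees must be sure an email came from the CEO, and the partner order case, where the legal department wants non-repudiation) describe the same mechanism: hash the message, sign the hash with the sender's private key, and let the recipient verify with the sender's public key. The Go program below is an added example, not code from the study guides cited on this page. It uses the standard library's RSA with SHA-256 (RSASSA-PKCS1-v1_5); the email texts and the `Scenario` helper are constructed for illustration, and it assumes employees already hold the CEO's genuine public key (in practice distributed through a certificate).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a 2048-bit RSA key pair. The private half never
// leaves the signer; the public half is published to verifiers.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign hashes the message with SHA-256 and signs the digest with the
// sender's private key. Only the private key holder can produce this value,
// which is what supports non-repudiation.
func Sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify recomputes the digest of the received message and checks the
// signature against the claimed sender's public key. It fails when the
// message was altered in transit (integrity) or when the signature was made
// with a different private key (authenticity).
func Verify(pub *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature) == nil
}

// Scenario plays out the spear phishing case with constructed messages and
// returns whether each of three emails verifies under the CEO's public key:
// the genuine mail, a tampered copy, and a forgery signed by an impersonator.
func Scenario() (genuine, tampered, impersonated bool, err error) {
	var ceo, attacker *rsa.PrivateKey
	if ceo, err = NewKeyPair(); err != nil {
		return
	}
	if attacker, err = NewKeyPair(); err != nil {
		return
	}

	mail := []byte("From: CEO\nPlease approve the attached purchase order.")
	var sig []byte
	if sig, err = Sign(ceo, mail); err != nil {
		return
	}
	genuine = Verify(&ceo.PublicKey, mail, sig)

	// Same signature, altered body: the recomputed digest no longer matches.
	altered := []byte("From: CEO\nPlease wire the funds to the attached account.")
	tampered = Verify(&ceo.PublicKey, altered, sig)

	// The impersonator can sign with their own key, but employees verify
	// against the CEO's published public key, so the forgery is rejected.
	var forged []byte
	if forged, err = Sign(attacker, altered); err != nil {
		return
	}
	impersonated = Verify(&ceo.PublicKey, altered, forged)
	return
}

func main() {
	g, t, i, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine CEO mail verifies:   ", g) // true
	fmt.Println("tampered mail verifies:      ", t) // false
	fmt.Println("impersonator's mail verifies:", i) // false
}
```

The same verification result is what gives the partner order case its non-repudiation: a signature that verifies under the partner's public key could only have been produced with the partner's private key, which the receiving company never holds.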
Ann, a newly hired human resource employee, sent out confidential emails with digital signatures to an unintended group. Which of the following would prevent her from denying accountability?
A. Email Encryption B. Steganography C. Non Repudiation D. Access Control
Correct Answer: C Section: Compliance and Operational Security
Nonrepudiation prevents one party from denying actions they carried out.
A: Email encryption is used to protect privacy.
B: Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking.
D: Access Control is used to govern which users have access to the email.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 248, 262, 414