CompTIA Security Plus Mock Test Q1639

In an effort to reduce data storage requirements, a company decides to hash every file and eliminate duplicates. The data processing routines are time sensitive, so the hashing algorithm must be fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?

A. MD5
B. SHA
C. RIPEMD
D. AES

Correct Answer: B
Section: Mixed Questions
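
Added worked example (not part of the original question or the Sybex text): a content-addressed deduplicator in Go using SHA-256 from the standard library. The file names and contents are constructed sample data. Files whose size is unique are never hashed, which keeps the time-sensitive path cheap, and SHA-256 is used rather than MD5 because a deduplicator silently drops any object whose digest matches a stored one: an attacker who can craft two different files with the same digest can make the store treat them as one.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// ContentDigest returns the hex SHA-256 of data. A collision-resistant hash is
// required here because a digest match is taken as proof that two files are identical.
func ContentDigest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// FindDuplicates groups file names by content digest and returns only the groups
// with more than one member. Two files of different length cannot be duplicates,
// so files with a unique size are skipped without hashing them at all.
func FindDuplicates(files map[string][]byte) map[string][]string {
	bySize := map[int][]string{}
	for name, data := range files {
		bySize[len(data)] = append(bySize[len(data)], name)
	}
	byDigest := map[string][]string{}
	for _, names := range bySize {
		if len(names) < 2 {
			continue // unique size: cannot collide with anything, no hash needed
		}
		for _, name := range names {
			d := ContentDigest(files[name])
			byDigest[d] = append(byDigest[d], name)
		}
	}
	dups := map[string][]string{}
	for d, names := range byDigest {
		if len(names) > 1 {
			sort.Strings(names) // Go map iteration is random; make the result deterministic
			dups[d] = names
		}
	}
	return dups
}

// Deduplicate returns the names to keep (every unique file plus the lexically
// first member of each duplicate group) and the names that can be dropped.
func Deduplicate(files map[string][]byte) (keep, drop []string) {
	dropped := map[string]bool{}
	for _, names := range FindDuplicates(files) {
		for _, n := range names[1:] {
			dropped[n] = true
		}
	}
	for name := range files {
		if dropped[name] {
			drop = append(drop, name)
		} else {
			keep = append(keep, name)
		}
	}
	sort.Strings(keep)
	sort.Strings(drop)
	return keep, drop
}

func main() {
	// Constructed sample corpus; two identical files, one same-length near miss, one unique.
	files := map[string][]byte{
		"report-jan.txt":      []byte("quarterly figures\n"),
		"report-jan-copy.txt": []byte("quarterly figures\n"),
		"report-feb.txt":      []byte("quarterly figurez\n"),
		"notes.txt":           []byte("x"),
	}
	keep, drop := Deduplicate(files)
	fmt.Println("keep:", keep)
	fmt.Println("drop:", drop)
}
```

Swapping `sha256.Sum256` for MD5 would make the example faster on paper, but the size pre-filter already removes most of the hashing work, and the whole point of the digest is that a match must be trustworthy.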

CompTIA Security Plus Mock Test Q1611

A company is implementing a system to transfer direct deposit information to a financial institution. One of the requirements is that the financial institution must be certain that the deposit amounts within the file have not been changed. Which of the following should be used to meet the requirement?

A. Key escrow
B. Perfect forward secrecy
C. Transport encryption
D. Digital signatures
E. File encryption

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1329

In which of the following scenarios would it be preferable to implement file level encryption instead of whole disk encryption?

A. A server environment where the primary security concern is integrity and not file recovery
B. A cloud storage environment where multiple customers use the same hardware but possess different encryption keys
C. A SQL environment where multiple customers access the same database
D. A large datacenter environment where each customer uses dedicated hardware resources

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1226

The access control list (ACL) for a file on a server is as follows:
User: rwx
User: Ann: r--
User: Joe: r--
Group: rwx
Group: sales: r-x
Other: r-x
Joe and Ann are members of the Human Resources group. Will Ann and Joe be able to run the file?

A. No since Ann and Joe are members of the Sales group owner of the file
B. Yes since the regular permissions override the ACL for the file
C. No since the ACL overrides the regular permissions for the file
D. Yes since the regular permissions and the ACL combine to create the effective permissions on the file

Correct Answer: C
Section: Mixed Questions
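
Added worked example in Go (not from the original page): an evaluator for the POSIX.1e ACL check order the question depends on, which is owner first, then named-user entries, then the owning group and named groups, then other. The listing does not name the file's owner or owning group, so "fileowner" and "staff" are placeholders, and it shows no mask entry, so the mask is optional here. Running it shows that Ann and Joe get r-- from their named-user entries and cannot execute, while an HR member with no named entry falls through to other (r-x) and can.

```go
package main

import (
	"fmt"
	"strings"
)

// Perm is one rwx triple as printed in getfacl-style output.
type Perm struct{ R, W, X bool }

// ParsePerm reads "rwx", "r-x", "r--" and similar.
func ParsePerm(s string) Perm {
	return Perm{
		R: strings.ContainsRune(s, 'r'),
		W: strings.ContainsRune(s, 'w'),
		X: strings.ContainsRune(s, 'x'),
	}
}

func (p Perm) String() string {
	b := []byte("---")
	if p.R {
		b[0] = 'r'
	}
	if p.W {
		b[1] = 'w'
	}
	if p.X {
		b[2] = 'x'
	}
	return string(b)
}

func (p Perm) and(m Perm) Perm { return Perm{R: p.R && m.R, W: p.W && m.W, X: p.X && m.X} }
func (p Perm) or(q Perm) Perm  { return Perm{R: p.R || q.R, W: p.W || q.W, X: p.X || q.X} }

// ACL mirrors the entries in the listing: user::, user:NAME:, group::, group:NAME:, mask::, other::.
type ACL struct {
	Owner       string
	OwnerPerm   Perm            // "User: rwx"
	Users       map[string]Perm // "User: Ann: r--", "User: Joe: r--"
	OwningGroup string
	GroupPerm   Perm            // "Group: rwx"
	Groups      map[string]Perm // "Group: sales: r-x"
	Mask        *Perm           // nil: no mask entry, so named/group entries are not restricted
	Other       Perm            // "Other: r-x"
}

func (a ACL) masked(p Perm) Perm {
	if a.Mask == nil {
		return p
	}
	return p.and(*a.Mask)
}

// Effective returns the permissions a process with this user and group set gets.
// The first matching class wins; the owner and other entries are never masked.
func (a ACL) Effective(user string, groups []string) Perm {
	if user == a.Owner {
		return a.OwnerPerm
	}
	if p, ok := a.Users[user]; ok {
		return a.masked(p) // a named-user entry is decisive, even if a group entry grants more
	}
	matched := false
	var acc Perm
	for _, g := range groups {
		if g == a.OwningGroup {
			acc, matched = acc.or(a.GroupPerm), true
		}
		if p, ok := a.Groups[g]; ok {
			acc, matched = acc.or(p), true
		}
	}
	if matched {
		return a.masked(acc) // granted if any matching group entry grants it
	}
	return a.Other
}

func (a ACL) CanExecute(user string, groups []string) bool { return a.Effective(user, groups).X }

// QuestionACL is the listing from the question. Owner and owning-group names are placeholders.
func QuestionACL() ACL {
	return ACL{
		Owner: "fileowner", OwnerPerm: ParsePerm("rwx"),
		Users:       map[string]Perm{"ann": ParsePerm("r--"), "joe": ParsePerm("r--")},
		OwningGroup: "staff", GroupPerm: ParsePerm("rwx"),
		Groups:      map[string]Perm{"sales": ParsePerm("r-x")},
		Other:       ParsePerm("r-x"),
	}
}

func main() {
	acl := QuestionACL()
	for _, who := range []struct {
		user   string
		groups []string
	}{
		{"ann", []string{"hr"}}, {"joe", []string{"hr"}}, {"carol", []string{"hr"}}, {"bob", []string{"sales"}},
	} {
		fmt.Printf("%-6s %s  execute=%v\n", who.user, acl.Effective(who.user, who.groups), acl.CanExecute(who.user, who.groups))
	}
}
```

The practical lesson is the one the question tests: a named entry that is more restrictive than the group or other entry still wins, because the named entry is checked first. Adding a mask entry (set `Mask` to r--) would additionally cap every named-user and group entry, but never the owner.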

CompTIA Security Plus Mock Test Q1132

A system administrator wants to confidentially send a username and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal?

A. Digital signatures
B. Hashing
C. Full-disk encryption
D. Steganography


Correct Answer: D
Section: Cryptography

Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.
Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, arouse interest and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography protects the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing its contents.

Incorrect Answers:
A: A digital signature is similar in function to a handwritten signature on a document. It validates the integrity of the message and the identity of the sender; it does nothing to hide the data.
B: A hash function maps data of arbitrary size to a fixed-length digest; it neither conceals nor transports the data.
C: Full-disk encryption encrypts an entire volume, making the data inaccessible to an attacker who tries to bypass the computer's security by booting another operating system. It would not, however, allow a system administrator to confidentially send a username and password list to an individual outside the company without the information being detected by security controls.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 261, 290, 414
http://en.wikipedia.org/wiki/Steganography
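
Added example in Go, not part of the original explanation: the simplest form of the technique, least-significant-bit embedding of a payload into a carrier. The carrier here is a constructed byte gradient standing in for the raw 8-bit pixel samples of an image rather than a real image file, and the password list is made up. The payload is prefixed with its length so the extractor knows where to stop.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Embed hides msg in the least significant bit of successive carrier bytes,
// prefixed with a 4-byte big-endian length. Each carrier byte changes by at
// most 1, which is invisible in an 8-bit image sample.
func Embed(carrier, msg []byte) ([]byte, error) {
	payload := make([]byte, 4+len(msg))
	binary.BigEndian.PutUint32(payload, uint32(len(msg)))
	copy(payload[4:], msg)
	if len(payload)*8 > len(carrier) {
		return nil, errors.New("carrier too small: need 8 carrier bytes per payload byte")
	}
	out := append([]byte(nil), carrier...) // never modify the caller's carrier
	for i, b := range payload {
		for bit := 0; bit < 8; bit++ {
			v := (b >> (7 - bit)) & 1
			idx := i*8 + bit
			out[idx] = (out[idx] &^ 1) | v // clear the LSB, then set it to the payload bit
		}
	}
	return out, nil
}

// Extract reads the length prefix, then that many payload bytes, from the LSBs.
func Extract(stego []byte) ([]byte, error) {
	if len(stego) < 32 {
		return nil, errors.New("carrier too small for length prefix")
	}
	readByte := func(i int) byte {
		var b byte
		for bit := 0; bit < 8; bit++ {
			b = b<<1 | stego[i*8+bit]&1
		}
		return b
	}
	hdr := []byte{readByte(0), readByte(1), readByte(2), readByte(3)}
	n := int(binary.BigEndian.Uint32(hdr))
	if (4+n)*8 > len(stego) {
		return nil, errors.New("length prefix exceeds carrier; not a payload written by Embed")
	}
	msg := make([]byte, n)
	for i := range msg {
		msg[i] = readByte(4 + i)
	}
	return msg, nil
}

// MaxByteDelta reports the largest change to any single byte between carrier and stego output.
func MaxByteDelta(carrier, stego []byte) int {
	worst := 0
	for i := range carrier {
		d := int(carrier[i]) - int(stego[i])
		if d < 0 {
			d = -d
		}
		if d > worst {
			worst = d
		}
	}
	return worst
}

func main() {
	// Constructed carrier: a gradient standing in for an image's raw pixel samples.
	carrier := make([]byte, 4096)
	for i := range carrier {
		carrier[i] = byte(i % 251)
	}
	stego, err := Embed(carrier, []byte("alice:Winter2014!\nbob:hunter2\n")) // made-up credentials
	if err != nil {
		panic(err)
	}
	msg, _ := Extract(stego)
	fmt.Printf("recovered %q, largest per-byte change %d\n", msg, MaxByteDelta(carrier, stego))
}
```

From the defender's side: the LSB plane of a real photograph is not uniformly random, so a chi-square test over it flags this kind of payload, and any lossy recompression or resizing on the way out destroys it. A data-loss-prevention control that re-encodes uploaded images defeats naive LSB steganography without having to detect it.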

CompTIA Security Plus Mock Test Q1123

A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal?

A. AES
B. IPSec
C. PGP
D. SSH


Correct Answer: D
Section: Cryptography

Explanation:
SSH encrypts the whole session: the client and server negotiate session keys when the connection is opened, so both the authentication exchange and any files transferred over it (SCP or SFTP) are protected. Authentication can use a password, or the user's own public-private key pair: the public key is registered on the server against the user ID and the client proves possession of the private key, so the user logs in and transfers files without ever sending a password.

Incorrect Answers:
A: AES is a symmetric-key algorithm. Symmetric or secret-key ciphers use the same key for encrypting and decrypting, so there is only one key, not a key pair, and AES alone provides no user authentication.
B: IPsec provides authentication and encryption of IP packets, typically between gateways or hosts (for example LAN-to-LAN VPNs); it does not by itself authenticate an individual user with a user ID and key pair for a file transfer.
C: Pretty Good Privacy (PGP) is mainly used for message and file encryption and signing; it does not provide an authenticated transfer session.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 91, 272
https://en.wikipedia.org/wiki/Secure_Shell
http://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard

CompTIA Security Plus Mock Test Q1122

A security administrator at a company which implements key escrow and symmetric encryption only, needs to decrypt an employee’s file. The employee refuses to provide the decryption key to the file. Which of the following can the administrator do to decrypt the file?

A. Use the employee’s private key
B. Use the CA private key
C. Retrieve the encryption key
D. Use the recovery agent


Correct Answer: C
Section: Cryptography

Explanation:
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee's private messages have been called into question.

Incorrect Answers:
A: Symmetric encryption uses a single shared key; there is no private key, and the one key is the one the employee refuses to provide.
B: A CA's private key is used to sign certificates, not to decrypt data, and a symmetric-only deployment has no CA involved.
D: Recovery agents are typically used to access information that is encrypted with older keys.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 249, 262

CompTIA Security Plus Mock Test Q1111

Company A sends a PGP encrypted file to company B. If company A used company B’s public key to encrypt the file, which of the following should be used to decrypt data at company B?

A. Registration
B. Public key
C. CRLs
D. Private key

Correct Answer: D
Section: Cryptography

Explanation:
In a PKI the sender encrypts the data using the receiver's public key. The receiver decrypts the data using his own private key. In practice PGP does this in two layers: the file is encrypted with a random one-time symmetric session key, and only that session key is encrypted with the receiver's public key; the receiver's private key unwraps the session key, which then decrypts the file.
PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), an asymmetric algorithm such as RSA, and digital certificates.
Messages are encrypted with a public key and decrypted with the matching private key.
A PKI example:
You want to send an encrypted message to Jordan, so you request his public key.
Jordan responds by sending you that key.
You use the public key he sends you to encrypt the message.
You send the message to him.
Jordan uses his private key to decrypt the message.

Incorrect Answers:
A: Registration is not used to decrypt files. Registration is the process, handled by the registration authority, of verifying a requester's identity so that a certificate can be issued.
B: If the public key is used to encrypt the file, then the same public key cannot decrypt it. We need the private key. The private and the public key are mathematically linked and make a key pair; you cannot use two public keys to encrypt and decrypt the data.
C: CRLs are not used to decrypt files. A CRL is a list, published by the CA, of certificates that have been revoked before their expiry date.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 279-285
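
Added example in Go (not the page's code, and not PGP itself): the PGP-style hybrid exchange between company A and company B, using only the standard library. Company B's key pair is generated in place rather than loaded from a keyring, and the file contents are constructed. It shows why "private key" is the answer, and also that the public key cannot undo what it encrypted: the file is sealed under a random AES-256-GCM session key, and only that session key is RSA-OAEP-encrypted to B's public key, which is how PGP handles files larger than one RSA block.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what company A sends: the file under a fresh AES key, plus that
// key wrapped with company B's RSA public key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(sessionKey) under the recipient's public key
	Nonce      []byte // AES-GCM nonce, unique per session key
	Ciphertext []byte // AES-256-GCM(file), authenticated
}

// Seal encrypts file for the holder of recipientPub. RSA-OAEP can carry only a
// few hundred bytes, so the bulk data goes under a random symmetric session key
// and only that key is public-key encrypted.
func Seal(recipientPub *rsa.PublicKey, file []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, file, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open recovers the file with the recipient's private key. Only the matching
// private key can unwrap the session key; the public key used to encrypt cannot.
// GCM's authentication tag also rejects any envelope altered in transit.
func Open(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: wrong private key or tampered envelope")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	// Company B's key pair (generated here; a real one would come from B's keyring).
	bPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Seal(&bPriv.PublicKey, []byte("constructed sample file"))
	pt, err := Open(bPriv, env)
	fmt.Printf("B opens with B's private key: %q err=%v\n", pt, err)

	// Company A holds only B's public key and its own key pair; neither opens the envelope.
	aPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = Open(aPriv, env)
	fmt.Println("A tries its own private key:", err)
}
```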

CompTIA Security Plus Mock Test Q1109

Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?

A. Joe’s public key
B. Joe’s private key
C. Ann’s public key
D. Ann’s private key


Correct Answer: D
Section: Cryptography

Explanation:
The sender uses her private key, in this case Ann's private key, to create the digital signature; the file is, in effect, signed with the private key. The sender then sends the file and the signature to the receiver. The receiver uses the sender's public key, which may be attached to the message as a certificate, to verify the signature. If verification succeeds, the receiver knows the file came from Ann. The public key verifies the signature; it does not decrypt the file, and signing by itself provides no confidentiality.
Digital signature implementations sign a hash of the message rather than the message itself, so any alteration in transit, intentional or accidental, makes the signature fail to verify.

Incorrect Answers:
A: Joe's public key would be used to encrypt a file for Joe, not to sign one; signing requires the sender's (Ann's) key.
B: Joe's private key is Joe's alone; Ann does not have it, and a signature is only meaningful when made with the sender's own private key.
C: The sender's private key, not her public key, is used to sign the file; the public key is what the receiver uses to verify it.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 279-285
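
Added example in Go serving both Q1611 (the bank must be certain the deposit amounts were not changed) and Q1109 (which key signs). Ann signs a direct-deposit file with her private key and the receiver verifies with Ann's public key. Ed25519 from the standard library stands in for whatever signature algorithm the PKI would use; the key seeds and the deposit file are constructed so the run is reproducible. Changing one amount, or verifying with Joe's key instead of Ann's, fails. A plain hash would not meet Q1611's requirement: whoever alters an amount can recompute the hash, but cannot produce Ann's signature without her private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"strings"
)

// keyFromSeed derives a reproducible Ed25519 key pair from a label. The labels
// are constructed constants for this example; real keys come from crypto/rand or an HSM.
func keyFromSeed(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label)) // Ed25519 needs exactly 32 seed bytes
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// SignFile produces a detached signature with the SENDER's private key.
// Ed25519 hashes the message internally, so the whole file is covered.
func SignFile(senderPriv ed25519.PrivateKey, file []byte) []byte {
	return ed25519.Sign(senderPriv, file)
}

// VerifyFile checks the signature with the SENDER's public key. It returns false
// if the file changed by even one byte, or if the signature came from another key.
func VerifyFile(senderPub ed25519.PublicKey, file, sig []byte) bool {
	return ed25519.Verify(senderPub, file, sig)
}

// DepositFile is a constructed direct-deposit batch; accounts and amounts are invented.
const DepositFile = "account,amount\n0001,1250.00\n0002,980.50\n"

// TamperedDepositFile is the same batch with one amount inflated, as someone
// sitting between the company and the bank might do.
func TamperedDepositFile() string {
	return strings.Replace(DepositFile, "1250.00", "9250.00", 1)
}

func main() {
	annPub, annPriv := keyFromSeed("ann-example-seed")
	joePub, _ := keyFromSeed("joe-example-seed")

	sig := SignFile(annPriv, []byte(DepositFile)) // Q1109: Ann signs with HER private key
	fmt.Println("bank verifies with Ann's public key:    ", VerifyFile(annPub, []byte(DepositFile), sig))
	fmt.Println("same signature, one amount changed:     ", VerifyFile(annPub, []byte(TamperedDepositFile()), sig))
	fmt.Println("verifying with Joe's public key instead:", VerifyFile(joePub, []byte(DepositFile), sig))
}
```

In a real deployment the bank would obtain Ann's public key from a certificate issued by the PKI's CA rather than out of band, which is what ties the signature to an identity the bank can trust.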