CompTIA Security Plus Mock Test Q1487

A company transfers millions of files a day between their servers. A programmer for the company has created a program that indexes and verifies the integrity of each file as it is replicated between servers. The programmer would like to use the fastest algorithm to ensure integrity. Which of the following should the programmer use?

A. SHA1
B. RIPEMD
C. DSA
D. MD5


Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1421

A security analyst must ensure that the company’s web server will not negotiate weak ciphers with connecting web browsers. Which of the following supported ciphers MUST the security analyst disable? (Select THREE)

A. SHA
B. AES
C. RIPEMD
D. NULL
E. DES
F. MD5
G. TWOFISH


Correct Answer: A,E,F
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1235

While working on a new project, a security administrator wants to verify the integrity of the data in the organization’s archive library. Which of the following is the MOST secure combination to implement to meet this goal? (Select TWO)

A. Hash with SHA
B. Encrypt with Diffie-Hellman
C. Hash with MD5
D. Hash with RIPEMD
E. Encrypt with AES

Correct Answer: C,D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1126

A technician wants to verify the authenticity of the system files of a potentially compromised system. Which of the following can the technician use to verify if a system file was compromised? (Select TWO).

A. AES
B. PGP
C. SHA
D. MD5
E. ECDHE


Correct Answer: C,D
Section: Cryptography

Explanation:
Hashing is used to prove the integrity of data, that is, to prove that it hasn’t been modified. Hashing algorithms are used to derive a key mathematically from a message. The most common hashing standards for cryptographic applications are the SHA and MD algorithms.

Incorrect Answers:
A: AES is not a hashing algorithm.
B: PGP is not a hashing algorithm.
E: ECDHE is not a hashing algorithm.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 255, 256

CompTIA Security Plus Mock Test Q1057

Which of the following algorithms has well documented collisions? (Select TWO).

A. AES
B. MD5
C. SHA
D. SHA-256
E. RSA

Correct Answer: B,C
Section: Cryptography

Explanation:
B: MD5’s biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use.
C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, “Federal agencies should stop using SHA-1 for…applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010”, though that was later relaxed.
Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.
Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA-1 in particular both have published techniques more efficient than brute force for finding collisions.

Incorrect Answers:
A: AES has much fewer hash collisions compared to both MD5 and SHA.
D: SHA-256 (also known as SHA-2) has much fewer hash collisions compared to both MD5 and SHA.
E: RSA has much fewer hash collisions compared to both MD5 and SHA.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 252, 255, 255-256

CompTIA Security Plus Mock Test Q1040

Which of the following cryptographic algorithms is MOST often used with IPSec?

A. Blowfish
B. Twofish
C. RC4
D. HMAC


Correct Answer: D
Section: Cryptography

Explanation:
The HMAC-MD5-96 (also known as HMAC-MD5) encryption technique is used by IPSec to make sure that a message has not been altered.

Incorrect Answers:
A: Blowfish can be used with IPSec but not as often as HMAC.
B: Twofish, a variant of Blowfish, can be used with IPSec but not as often as HMAC.
C: RC4 is popular with wireless and WEP/WPA encryption. IPSec can use HMAC-MD5 for data integrity.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139, 250, 251, 255-256, 260

CompTIA Security Plus Mock Test Q1033

Which of the following can be implemented with multiple bit strength?

A. AES
B. DES
C. SHA-1
D. MD5
E. MD4


Correct Answer: A
Section: Cryptography

Explanation:
AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits.

Incorrect Answers:
B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It’s based on a 56-bit key and has several modes that offer security and integrity.
C: The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol. This algorithm produces a 160-bit hash value. SHA-2 has several sizes: 224, 256, 334, and 512 bit.
D: The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2. MD5 is the newest version of the algorithm. It produces a 128-bit hash, but the algorithm is more complex than its predecessors and offers greater security.
E: The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256

CompTIA Security Plus Mock Test Q1031

Users report that after downloading several applications, their systems’ performance has noticeably decreased. Which of the following would be used to validate programs prior to installing them?

A. Whole disk encryption
B. SSH
C. Telnet
D. MD5


Correct Answer: D
Section: Cryptography

Explanation:
MD5 can be used to locate the data which has changed.
The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.

Incorrect Answers:
A: Disk encryption would not help in checking integrity of downloaded files.
B: Secure Shell (SSH) is a tunnelling protocol originally used on Unix systems. It is not used to validate the integrity of files.
C: Telnet cannot be used to protect integrity of program files. Telnet is an interactive terminal emulation protocol. It allows a remote user to conduct an interactive session with a Telnet server. This session can appear to the client as if it were a local session.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 76, 255, 271, 290