CompTIA Security Plus Mock Test Q1056

Which of the following offers the LEAST secure encryption capabilities?

A. TwoFish
B. PAP
C. NTLM
D. CHAP


Correct Answer: B
Section: Cryptography

Explanation:
PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP or EAP.

Incorrect Answers:
A: TwoFish provides stronger encryption compared to NTLM, CHAP and PAP. TwoFish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. TwoFish is related to the earlier block cipher Blowfish.
C: NTLM provides stronger encryption compared to CHAP and PAP. NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. NTLM is being replaced by Kerberos.
D: CHAP provides more secure encryption than PAP. CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139, 143, 251, 256

CompTIA Security Plus Mock Test Q1055

Connections using point-to-point protocol authenticate using which of the following? (Select TWO).

A. RIPEMD
B. PAP
C. CHAP
D. RC4
E. Kerberos

Correct Answer: B,C
Section: Cryptography

Explanation:
B: A password authentication protocol (PAP) is an authentication protocol that uses a password. PAP is used by Point to Point Protocol to validate users before allowing them access to server resources.
C: CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake.

Incorrect Answers:
A: RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a family of cryptographic hash functions. RIPEMD is not used for point-to-point protocol authentication.
D: RC4 is not used for point-to-point protocol authentication. RC4 (Rivest Cipher 4) is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS).
E: Kerberos is primarily aimed at a client–server model, not at point-to-point connections, and it provides mutual authentication—both the user and the server verify each other’s identity. It works on the basis of ‘tickets’ to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139, 147-148, 251, 255

CompTIA Security Plus Mock Test Q864

Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?

A. PAP, MSCHAPv2
B. CHAP, PAP
C. MSCHAPv2, NTLMv2
D. NTLM, NTLMv2


Correct Answer: A
Section: Access Control and Identity Management

Explanation:
PAP transmits the username and password to the authentication server in plain text.
MSCHAPv2 is utilized as an authentication option for RADIUS servers that are used for Wi-Fi security using the WPA-Enterprise protocol.

Incorrect Answers:
B, C: The scenario mentions that passwords between the RADIUS server and the authenticator are transmitted in clear text. Then the first part of the question asks what is configured for the RADIUS server. The first part of these two options is CHAP and MSCHAPv2, which do not transmit in clear text.
D: NTLM is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 139
http://en.wikipedia.org/wiki/MS-CHAP
http://en.wikipedia.org/wiki/NT_LAN_Manager