CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 331:

  Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO).

  A. The CA's public key

  B. Ann's public key

  C. Joe's private key

  D. Ann's private key

  E. The CA's private key

  F. Joe's public key

  Correct Answer: DF

  Joe wants to send a message to Ann. It's important that this message not be altered. Joe will use the private key to create a digital signature. The message is, in effect, signed with the private key. Joe then sends the message to Ann. Ann will use the public key attached to the message to validate the digital signature. If the values match, Ann knows the message is authentic and came from Joe. Ann will use a key provided by Joe--the public key--to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit. Thus Ann would compare the signature area referred to as a message in the message with the calculated value digest (her private key in this case). If the values match, the message hasn't been tampered with and the originator is verified as the person they claim to be.

  Incorrect Answers:

  A: The certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.

  B: Ann is the recipient and her public key is not required to verify e-mail sent by Joe.

  C: Ann requires Joe's public key, not his private key.

  E: A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. A certificate is nothing more than a mechanism that associates the public key with an individual.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 261, 279 http://searchsecurity.techtarget.com/definition/digital-signature

• Question 332:

  Digital signatures are used for ensuring which of the following items? (Select TWO).

  A. Confidentiality

  B. Integrity

  C. Non-Repudiation

  D. Availability

  E. Algorithm strength

  Correct Answer: BC

  A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Nonrepudiation prevents one party from denying actions that they carried out and in the electronic world nonrepudiation measures can be a two-key cryptographic system and the involvement of a third party to verify the validity. This respected third party `vouches' for the individuals in the two-key system. Thus non-repudiation also impacts on integrity.

  Incorrect Answers:

  A: Confidentiality means that the message/data retains its privacy.

  D: Availability refers to the measures that are used to keep services and systems operational.

  E: Digital signatures are not used to ensure algorithm strength.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 248, 255, 262 261, 414

• Question 333:

  Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender?

  A. Recipient's private key

  B. Sender's public key

  C. Recipient's public key

  D. Sender's private key

  Correct Answer: B

  When the sender wants to send a message to the receiver. It's important that this message not be altered. The sender uses the private key to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The recipient uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic. Thus the recipient uses the sender's public key to verify the sender's identity.

  Incorrect Answers:

  A: The recipient's private key is not required to check the identity of the sender.

  C: The public key must be sent to the recipient by the sender, the recipient cannot use their own public key.

  D: The sender must use the private key to create the digital signature.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 261

• Question 334:

  Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts?

  A. Availability

  B. Integrity

  C. Accounting

  D. Confidentiality

  Correct Answer: B

  Integrity means ensuring that data has not been altered. Hashing and message authentication codes are the most common methods to accomplish this. In addition, ensuring nonrepudiation via digital signatures supports integrity.

  Incorrect Answers:

  A: Availability refers to the measures that are used to keep services and systems operational.

  C: Accounting refers to applications.

  D: Confidentiality means that the message/data retains its privacy.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 414

• Question 335:

  It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?

  A. Integrity

  B. Safety

  C. Availability

  D. Confidentiality

  Correct Answer: A

  Integrity means that the messages/ data is not altered. PII is personally identifiable information that can be used to uniquely identify an individual. PII can be used to ensure the integrity of data/messages.

  Incorrect Answers:

  B: Safety concerns would refer to the physical safety and aspect of security, measures such fences, lighting, locks, CCTV, escape plans, etc. is the focus.

  C: Availability refers to the measures that are used to keep services and systems operational.

  D: Confidentiality would refer to preventing unauthorized users from accessing the messages.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 401, 404, 413, 414

• Question 336:

  A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address:

  A. Integrity of downloaded software.

  B. Availability of the FTP site.

  C. Confidentiality of downloaded software.

  D. Integrity of the server logs.

  Correct Answer: A

  Digital Signatures is used to validate the integrity of the message and the sender. In this case the software firm that posted the patches and updates digitally signed the checksums of all patches and updates.

  Incorrect Answers:

  B: Availability is not the concern in this case since the patches and updates are posted to a publicly accessible FTP site.

  C: Confidentiality is not an issue since the patches and updates are posted to a publicly accessible FTP site.

  D: The server logs are not the focus of the integrity concerns.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 261, 414

• Question 337:

  An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?

  A. Integrity

  B. Availability

  C. Confidentiality

  D. Remediation

  Correct Answer: A

  A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Digital Signatures is used to validate the integrity of the message and the sender. Integrity means the message can't be altered without detection.

  Incorrect Answers:

  B: Availability refers to the measures that are used to keep services and systems operational

  C: Confidentiality means that the message/data retains its privacy.

  D: Remediation is concerned with security posturing.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 261, 291, 414

• Question 338:

  Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A?

  A. Steganography

  B. Hashing

  C. Encryption

  D. Digital Signatures

  Correct Answer: D

  A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message.

  Incorrect Answers:

  A: Steganography is the process of hiding a message in a medium such as a digital image, audio fi le, or other file. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another fi le or

  message and use that fi le to hide your message.

  B: Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables and its main characteristics are:

  It must be one-way it is not reversible.

  Variable-length input produces fixed-length output whether you has two characters of 2 million, the hash size is the same. The algorithm must have few or no collisions in hashing two different inputs does not give the same output.

  C: Encryption is too wide a concept since all companies would have their bids encrypted. Encryption is part of the process when making use of digital signatures.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 248, 255, 261, 291

• Question 339:

  Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?

  A. SHA1

  B. MD2

  C. MD4

  D. MD5

  Correct Answer: A

  The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol. This algorithm produces a 160-bit hash value. SHA (1 or 2) is preferred over Message Digest Algorithm.

  Incorrect Answers:

  B: The Message Digest Algorithm (MD) also creates a hash value and uses a one-way hash. It produces a 128-bit hash.

  C: MD4 is another version of the Message Digest Algorithm and produces a 128-bit hash.

  D: MD5 is another version of the Message Digest Algorithm and produces a 128-bit hash.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 255-356

• Question 340:

  Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous days' hashes. Which of the following security concepts is Sara using?

  A. Confidentiality

  B. Compliance

  C. Integrity

  D. Availability

  Correct Answer: C

  Integrity means the message can't be altered without detection.

  Incorrect Answers:

  A: Confidentiality means that the message/data retains its privacy.

  B: Compliance refers to the degree which documents represent the standards that are agreed upon.

  D: Availability refers to the measures that are used to keep services and systems operational

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 291