CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 341:

  Which of the following would a security administrator use to verify the integrity of a file?

  A. Time stamp

  B. MAC times

  C. File descriptor

  D. Hash

  Correct Answer: D

  Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables and it is a one-way transformation in order to validate the integrity of data.

  Incorrect Answers:

  A: Time stamp is used to check whether a certificate has expired or not.

  B: MAC times are pieces of file system metadata which record when certain events pertaining to a computer file occurred most recently. The events are usually described as "modification" (the data in the file was modified), "access" (some part of the file was read), and "metadata change" (the file's permissions or ownership were modified) also commonly used in forensics.

  C: File descriptor describing a file is not the same as verifying the integrity of the file.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 255, 260

• Question 342:

  An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer- to-peer network that cannot connect to the Internet. The ISSO can update the antivirus definitions manually, but which of the following steps is MOST important?

  A. A full scan must be run on the network after the DAT file is installed.

  B. The signatures must have a hash value equal to what is displayed on the vendor site.

  C. The definition file must be updated within seven days.

  D. All users must be logged off of the network prior to the installation of the definition file.

  Correct Answer: B

  A hash value can be used to uniquely identify secret information. This requires that the hash function is collision resistant, which means that it is very hard to find data that generate the same hash value and thus it means that in hashing two different inputs will not yield the same output. Thus the hash value must be equal to that displayed on the vendor site.

  Incorrect Answers:

  A: To run a full scan is just important to check the status of your computer insofar as virus infections may be concerned, not the updating of the antivirus definitions when you cannot connect the P2P to the internet.

  C: This not a time constraint issue.

  D: Logging off of the network is not a requirement to install updates.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 255

• Question 343:

  The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?

  A. TwoFish

  B. SHA-512

  C. Fuzzy hashes

  D. HMAC

  Correct Answer: C

  Hashing is used to ensure that a message has not been altered. It can be useful for positively identifying malware when a suspected file has the same hash value as a known piece of malware. However, modifying a single bit of a malicious file will alter its hash value. To counter this, a continuous stream of hash values is generated for rolling block of code. This can be used to determine the similarity between a suspected file and known pieces of malware.

  Incorrect Answers:

  A: Twofish is a block cipher algorithm that operates on 128-bit blocks of data and can use cryptographic keys of up to 256 bits in length. It is used to provide confidentiality protection of data.

  B: SHA-512 is a version of Secure Hash Algorithm (SHA) and is a 512-bit hash algorithm that can be used for hashing. Hashing is not an encryption algorithm but the hash can be used to verify that the data has not been altered.

  D: Hash-based Message Authentication Code (HMAC) is a hash algorithm that guarantees the integrity of a message during transmission, but does not provide non-repudiation.

  References:

  http://blog.sei.cmu.edu/post.cfm/fuzzy-hashing-techniques-in-applied-malware-analysis Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 332-333, 336

• Question 344:

  Which of the following concepts describes the use of a one way transformation in order to validate the integrity of a program?

  A. Hashing

  B. Key escrow

  C. Non-repudiation

  D. Steganography

  Correct Answer: A

  Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables and its main characteristics are:

  It must be one-way it is not reversible.

  Variable-length input produces fixed-length output whether you have two characters or 2 million, the hash size is the same. The algorithm must have few or no collisions in hashing two different inputs does not give the same output.

  Incorrect Answers:

  B: Key escrow is used with nonrepudiation in that the third party in the two-key system may also need access keys. Under the conditions of key escrow, the keys needed to decrypt/encrypt data are held in an escrow account and made available if that third party requests it. The opposite of key escrow is a key recovery agent.

  C: Nonrepudiation prevents one party from denying actions that they carried out and in the electronic world nonrepudiation measures can be a two-key cryptographic system and the involvement of a third party to verify the validity. This respected third party `vouches' for the individuals in the two-key system.

  D: Steganography is the process of hiding a message in a medium such as a digital image, audio fi le, or other file. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another fi le or message and use that fi le to hide your message.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 248, 255, 262, 291

• Question 345:

  A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as:

  A. Symmetric cryptography.

  B. Private key cryptography.

  C. Salting.

  D. Rainbow tables.

  Correct Answer: C

  Salting can be used to strengthen the hashing when the passwords were encrypted. Though hashing is a one-way algorithm it does not mean that it cannot be hacked. One method to hack a hash is though rainbow tables and salt is the counter measure to rainbow tables. With salt a password that you typed in and that has been encrypted with a hash will yield a letter combination other than what you actually types in when it is rainbow table attacked.

  Incorrect Answers:

  A: Symmetric cryptography refers to symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn't disclosed to people who aren't authorized to use the encryption system. The disclosure of a private key breaches the security of the encryption system.

  B: Private Key cryptography is also known as symmetric cryptography.

  D: Rainbow tables can be used to break a hash. A rainbow table attack focuses on identifying a stored value. By using values in an existing table of hashed phrases or words (think of taking a word and hashing it every way you can imagine) and comparing them to values found.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 249-250, 256

• Question 346:

  Which of the following functions provides an output which cannot be reversed and converts data into a string of characters?

  A. Hashing

  B. Stream ciphers

  C. Steganography

  D. Block ciphers

  Correct Answer: A

  Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables one of its characteristics is that it must be one-way it is not reversible.

  Incorrect Answers:

  B: A stream cipher is similar to a block cipher in that they are both symmetric methods of cryptography. The difference is that with a stream cipher the data is encrypted one bit, or byte, at a time whereas with a block cipher the algorithm works on chunks of data.

  C: Steganography is the process of hiding a message in a medium such as a digital image, audio fi le, or other file. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another fi le or message and use that fi le to hide your message.

  D: A block cipher is a symmetric method in cryptography that encrypts data in chunks; very similar to stream ciphers.

  References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 248, 255, 291 http://en.wikipedia.org/wiki/Hash_function http://www.webopedia.com/TERM/H/hashing.html

• Question 347:

  A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive's laptop they notice several pictures of the employee's pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match.

  Which of the following describes how the employee is leaking these secrets?

  A. Social engineering

  B. Steganography

  C. Hashing

  D. Digital signatures

  Correct Answer: B

  Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. It is also the process of hiding a message in a medium such as a digital image, audio fi le, or other fi le. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message.

  Incorrect Answers:

  A: Social engineering is the process by which intruders gain access to your facilities, your network, and even your employees by exploiting the generally trusting nature of people. A social engineering attack may come from someone posing as a vendor, or it could take the form of an email from a (supposedly) traveling executive who indicates that they have forgotten how to log on to the network or how to get into the building over the weekend.

  C: Hashing refers to the hash algorithms used in Cryptography.

  D: Digital Signatures is used to validate the integrity of the message and the sender.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 248, 255, 261, 355, 414

• Question 348:

  A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect's emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered.

  Which of the following is occurring?

  A. The user is encrypting the data in the outgoing messages.

  B. The user is using steganography.

  C. The user is spamming to obfuscate the activity.

  D. The user is using hashing to embed data in the emails.

  Correct Answer: B

  Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. It is also the process of hiding a message in a medium such as a digital image, audio fi le, or other fi le. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message.

  Incorrect Answers:

  A: Encrypting data means securing the data.

  C: Spamming is any unwanted email.

  D: Hashing refers to the hash algorithms used in cryptography.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 248, 255, 261

• Question 349:

  After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data.

  Which of the following controls support this goal?

  A. Contingency planning

  B. Encryption and stronger access control

  C. Hashing and non-repudiation

  D. Redundancy and fault tolerance

  Correct Answer: B

  Encryption is used to protect data/contents/documents. Access control refers to controlling who accesses any data/contents/documents and to exercise authorized control to the accessing of that data.

  Incorrect Answers:

  A: Contingency planning is part of a disaster-recovery plan.

  C: Hashing refers to the hash algorithms used in cryptography. Nonrepudiation prevents one party from denying actions they carried out.

  D: Redundancy and fault tolerance refers to the ability to sustain operation in the event of system and component failure.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 155, 262, 291

• Question 350:

  Several departments within a company have a business need to send high volumes of confidential information to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of confidential information?

  A. Employ encryption on all outbound emails containing confidential information.

  B. Employ exact data matching and prevent inbound emails with Data Loss Prevention.

  C. Employ hashing on all outbound emails containing confidential information.

  D. Employ exact data matching and encrypt inbound e-mails with Data Loss Prevention.

  Correct Answer: A

  Encryption is used to ensure the confidentiality of information and in this case the outbound email that contains the confidential information should be encrypted.

  Incorrect Answers:

  B: DLP system should be set to monitor the outbound emails not the inbound email since the company will be sending out confidential email.

  C: Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables.

  D: Encrypting inbound email would be futile if the data protection should be carried out on outbound email.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 236, 255, 291