CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 761:

  Which of the following would provide the STRONGEST encryption?

  A. Random one-time pad

  B. DES with a 56-bit key

  C. AES with a 256-bit key

  D. RSA with a 1024-bit key

  Correct Answer: A

  One-time pads are the only truly completely secure cryptographic implementations. They are so secure for two reasons. First, they use a key that is as long as a plaintext message. That means there is no pattern in the key application for an

  attacker to use. Also, one-time pad keys are used only once and then discarded. So even if you could break a one-time pad cipher, that same key would never be used again, so knowledge of the key would be useless.

  Incorrect Answers:

  B, C, D: DES; AES, and RSA are less secure than one-time pads.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 250, 251, 252

• Question 762:

  Which of the following can use RC4 for encryption? (Select TWO).

  A. CHAP

  B. SSL

  C. WEP

  D. AES

  E. 3DES

  Correct Answer: BC

  B: In cryptography, RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4) is the most widely used software stream cipher and is used in popular Internet protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

  C: WEP also uses RC4, however WEP is still unsecure.

  Incorrect Answers:

  A: the Challenge-Handshake Authentication Protocol (CHAP) does not use RC4.

  D: The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data. AES make no use of RC4.

  E: Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption of electronic data. DES make no use of RC4. Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 143, 250, 258, 268-269

• Question 763:

  A security administrator must implement a wireless encryption system to secure mobile devices' communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?

  A. RC4

  B. AES

  C. MD5

  D. TKIP

  Correct Answer: A

  RC4 is popular with wireless and WEP/WPA encryption. It is a streaming cipher that works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS.

  Incorrect Answers:

  B: AES supports key sizes of 128, 192, and 256 bits, with 128 bits being the default. Advanced Encryption Standard (AES) has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies.

  C: The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2. MD4 was used by NTLM (discussed in a moment) to compute the NT Hash. MD5 is the newest version of the algorithm. It produces a 128-bit hash.

  D: To strengthen WEP encryption, a Temporal Key Integrity Protocol (TKIP) was employed. This placed a 128-bit wrapper around the WEP encryption with a key that is based on things such as the MAC address of the destination device and the serial number of the packet.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 171, 250, 251, 255

• Question 764:

  Due to hardware limitation, a technician must implement a wireless encryption algorithm that uses the RC4 protocol. Which of the following is a wireless encryption solution that the technician should implement while ensuring the STRONGEST level of security?

  A. WPA2-AES

  B. 802.11ac

  C. WPA-TKIP

  D. WEP

  Correct Answer: C

  WPA-TKIP uses the RC4 cipher.

  TKIP and the related WPA standard implement three new security features to address security problems encountered in WEP protected networks. First, TKIP implements a key mixing function that combines the secret root key with the initialization vector before passing it to the RC4 initialization. WEP, in comparison, merely concatenated the initialization vector to the root key, and passed this value to the RC4 routine. This permitted the vast majority of the RC4 based WEP related key attacks. Second, WPA implements a sequence counter to protect against replay attacks. Packets received out of order will be rejected by the access point. Finally, TKIP implements a 64-bit Message Integrity Check (MIC) To be able to run on legacy WEP hardware with minor upgrades, TKIP uses RC4 as its cipher. TKIP also provides a rekeying mechanism. TKIP ensures that every data packet is sent with a unique encryption key.

  Incorrect Answers:

  A: WPA2-AES does not use the RC4 protocol.

  B: 802.11ac does not use the RC4 protocol.

  D: WEP uses the RC4 protocol but is weaker in terms of security than WPA. WPA was created to replace WEP.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 171, 172-173, 258 http://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol http://www.diffen.com/difference/

  WPA_vs_WPA2

• Question 765:

  Which of the following ciphers would be BEST used to encrypt streaming video?

  A. RSA

  B. RC4

  C. SHA1

  D. 3DES

  Correct Answer: B

  In cryptography, RC4 is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS). While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure protocols such as WEP.

  Because RC4 is a stream cipher, it is more malleable than common block ciphers. If not used together with a strong message authentication code (MAC), then encryption is vulnerable to a bit-flipping attack. The cipher is also vulnerable to a stream cipher attack if not implemented correctly. Furthermore, inadvertent double encryption of a message with the same key may accidentally output plaintext rather than ciphertext because the involutory nature of the XOR function would result in the second operation reversing the first. It is noteworthy, however, that RC4, being a stream cipher, was for a period of time the only common cipher that was immune to the 2011 BEAST attack on TLS 1.0. The attack exploits a known weakness in the way cipher block chaining mode is used with all of the other ciphers supported by TLS 1.0, which are all block ciphers.

  Incorrect Answers:

  A: RSA encryption is used for encrypting data in transit. RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. Messages encrypted with the public key can only be

  decrypted in a reasonable amount of time using the private key. However, RSA is not used to encrypt streaming video.

  C: SHA stands for "secure hash algorithm". SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely used applications and protocols including TLS and SSL, PGP, SSH, S/MIME, and IPsec. It is

  used to ensure data integrity. However, it is not used to encrypt streaming video.

  D: In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each

  data block. The electronic payment industry uses Triple DES and continues to develop and promulgate standards based upon it (e.g. EMV). Microsoft OneNote, Microsoft Outlook 2007, and Microsoft System Center Configuration Manager

  2012, use Triple DES to password protect user content and system data.

  However, it is not used to encrypt streaming video.

  References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 250, 251, 255-256 http://en.wikipedia.org/wiki/RC4 http://en.wikipedia.org/wiki/SHA-1 http://en.wikipedia.org/wiki/Triple_DES

• Question 766:

  Which of the following uses both a public and private key?

  A.RSA

  B. AES

  C. MD5

  D. SHA

  Correct Answer: A

  The RSA algorithm is an early public-key encryption system that uses large integers as the basis for the process.

  RSA uses both a public key and a secret.

  RSA key generation process:

  1.

  Generate two large random primes, p and q, of approximately equal size such that their product, n = pq, is of the required bit length (such as 2048 bits, 4096 bits, and so forth).

  Let n = pq

  Let m = (p-1)(q-1)

  2.

  Choose a small number e, co-prime to m (note: Two numbers are co-prime if they have no common factors).

  3.

  Find d, such that

  de % m = 1

  4.

  Publish e and n as the public key. Keep d and n as the secret key.

  Incorrect Answers:

  B: AES (Advanced Encryption Standard) has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES) which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.

  C: The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.

  D: The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol. This algorithm produces a 160-bit hash value.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 250, 251, 255-256

• Question 767:

  When creating a public / private key pair, for which of the following ciphers would a user need to specify the key strength?

  A. SHA

  B. AES

  C. DES

  D. RSA

  Correct Answer: D

  RSA (an asymmetric algorithm) uses keys of a minimum length of 2048 bits.

  Incorrect Answers:

  A: The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol. This algorithm produces a 160-bit hash value.

  B: Advanced Encryption Standard (AES) has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies. It supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.

  C: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It's based on a 56-bit key and has several modes that offer security and integrity.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 250, 251, 255-256

• Question 768:

  Which of the following cryptographic algorithms is MOST often used with IPSec?

  A. Blowfish

  B. Twofish

  C. RC4

  D. HMAC

  Correct Answer: D

  The HMAC-MD5-96 (also known as HMAC-MD5) encryption technique is used by IPSec to make sure that a message has not been altered.

  Incorrect Answers:

  A: Blowfish can be used with IPSec but not as often as HMAC.

  B: Twofish, a variant of Blowfish, can be used with IPSec but not as often as HMAC.

  C: RC4 is popular with wireless and WEP/WPA encryption. IPSec can use HMAC-MD5 for data integrity.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 139, 250, 251, 255-256, 260

• Question 769:

  Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret?

  A. RIPEMD

  B. MD5

  C. SHA

  D. HMAC

  Correct Answer: D

  HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key. The hashing function provides data integrity, while the symmetric key provides authenticity.

  Incorrect Answers:

  A: RIPEMD is a hashing function only and will not provide authenticity. The RACE Integrity Primitives Evaluation Message Digest (RIPEMD) algorithm was based on MD4. There were questions regarding its security, and it has been replaced

  by RIPEMD-160, which uses 160 bits.

  B: MD5 is a hashing function only and will not provide authenticity. The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the

  most common are MD5, MD4, and MD2.

  C: SHA is a hashing function only and will not provide authenticity. The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 139, 255, 260

• Question 770:

  Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?

  A. ECC

  B. RSA

  C. SHA

  D. 3DES

  Correct Answer: D

  3DES would be less secure compared to ECC, but 3DES would require less computational power. Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it's more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).

  Incorrect Answers:

  A: Elliptic Curve Cryptography (ECC) provides similar functionality to RSA but uses smaller key sizes to obtain the same level of security. ECC encryption systems are based on the idea of using points on a curve combined with a point at infinity and the difficulty of solving discrete logarithm problems.

  B: The RSA algorithm is an early public-key encryption system that uses large integers as the basis for the process. RSA encryption and decryption would require more computation compared to 3DES.

  C: SHA is not an encryption algorithm. The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 250, 251, 253, 255, 255-256