CompTIA Security+ Question L-81

Which of the following is a hardware-based security technology included in a computer?

A. Symmetric key
B. Asymmetric key
C. Whole disk encryption
D. Trusted platform module

Answer: D

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

CompTIA Security+ Question K-96

Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?

A. SFTP
B. HTTPS
C. TFTP
D. TLS

Answer: D

Explanation:
SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption.

CompTIA Security+ Question I-14

When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?

A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing

Answer: C

Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. Asymmetric algorithms do not require a secure channel for the initial exchange of secret keys between the parties.

CompTIA Security+ Question H-1

Which of the following explains the difference between a public key and a private key?

A. The public key is only used by the client while the private key is available to all. Both keys are mathematically related.
B. The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related.
C. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption.
D. The private key is only used by the client and kept secret while the public key is available to all.

Answer: D

Explanation:
The private key must be kept secret at all time. The private key is only by the client. The public key is available to anybody.

CompTIA Security+ Question C-61

The Chief Technology Officer (CTO) wants to improve security surrounding storage of customer passwords.
The company currently stores passwords as SHA hashes. Which of the following can the CTO implement requiring the LEAST change to existing systems?

A. Smart cards
B. TOTP
C. Key stretching
D. Asymmetric keys

Answer: A

Explanation:
Smart cards usually come in two forms. The most common takes the form of a rectangular piece of plastic with an embedded microchip. The second is as a USB token. It contains a built in processor and has the ability to securely store and process information. A “contact” smart card communicates with a PC using a smart card reader whereas a “contactless” card sends encrypted information via radio waves to the PC. Typical scenarios in which smart cards are used include interactive logon, e-mail signing, e-mail decryption and remote access authentication. However, smart cards are programmable and can contain programs and data for many different applications. For example smart cards may be used to store medical histories for use in emergencies, to make electronic cash payments or to verify the identity of a customer to an e-retailer. Microsoft provides two device independent APIs to insulate application developers from differences between current and future implementations: CryptoAPI and Microsoft Win32® SCard APIs. The Cryptography API contains functions that allow applications to encrypt or digitally sign data in a flexible manner, while providing protection for the user’s sensitive private key data. All cryptographic operations are performed by independent modules known as cryptographic service providers (CSPs). There are many different cryptographic algorithms and even when implementing the same algorithm there are many choices to make about key sizes and padding for example. For this reason, CSPs are grouped into types, in which each supported CryptoAPI function, by default, performs in a way particular to that type. For example, CSPs in the PROV_DSS provider type support DSS Signatures and MD5 and SHA hashing.

CompTIA Security+ Question C-13

Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.

A. Public keys, one time
B. Shared keys, private keys
C. Private keys, session keys
D. Private keys, public keys

Answer: D

Explanation:
Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key. In more detail:

*

Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn’t disclosed to people who aren’t authorized to use the encryption system.

*

Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

CompTIA Security+ Question C-6

Which of the following BEST describes the weakness in WEP encryption?

A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.
B. The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.
C. The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.
D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.

Answer: D

Explanation:
WEP is based on RC4, but due to errors in design and implementation, WEP is weak in a number of areas, two of which are the use of a static common key and poor implementation of initiation vectors (IVs). When the WEP key is discovered, the attacker can join the network and then listen in on all other wireless client communications.

CompTIA Security+ Question A-19

Which of the following is true about asymmetric encryption?

A. A message encrypted with the private key can be decrypted by the same key
B. A message encrypted with the public key can be decrypted with a shared key.
C. A message encrypted with a shared key, can be decrypted by the same key.
D. A message encrypted with the public key can be decrypted with the private key.

Answer: D

Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.