CompTIA Security+ Question J-73

A system administrator wants to confidentially send a user name and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal?

A. Digital signatures
B. Hashing
C. Full-disk encryption
D. Steganography

Answer: D

Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.

CompTIA Security+ Question J-15

Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?

A. Hashing
B. Transport encryption
C. Digital signatures
D. Steganography

Answer: D

Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.

Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.

CompTIA Security+ Question I-62

Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an unintended group. Which of the following would prevent her from denying accountability?

A. Email Encryption
B. Steganography
C. Non Repudiation
D. Access Control

Answer: C

Explanation:
Nonrepudiation prevents one party from denying actions they carried out.

CompTIA Security+ Question I-14

When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?

A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing

Answer: C

Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. Asymmetric algorithms do not require a secure channel for the initial exchange of secret keys between the parties.

CompTIA Security+ Question I-1

Ann would like to forward some Personal Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?

A. Digital Signatures
B. Hashing
C. Secret Key
D. Encryption

Answer: D

Explanation:
Encryption is used to prevent unauthorized users from accessing data. Data encryption will support the confidentiality of the email.

CompTIA Security+ Question H-21

A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address:

A. Integrity of downloaded software.
B. Availability of the FTP site.
C. Confidentiality of downloaded software.
D. Integrity of the server logs.

Answer: A

Explanation:
Digital Signatures is used to validate the integrity of the message and the sender. In this case the software firm that posted the patches and updates digitally signed the checksums of all patches and updates.

CompTIA Security+ Question G-93

A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO).

A. Fault tolerance
B. Encryption
C. Availability
D. Integrity
E. Safety
F. Confidentiality

Answer: D,E

Explanation:
Aspects such as fencing, proper lighting, locks, CCTV, Escape plans Drills, escape routes and testing controls form part of safety controls. Integrity refers to aspects such as hashing, digital signatures, certificates and non-repudiation – all of which has to do with data integrity.

CompTIA Security+ Question F-14

Which of the following is true about an email that was signed by User A and sent to User B?

A. User A signed with User B’s private key and User B verified with their own public key.
B. User A signed with their own private key and User B verified with User A’s public key.
C. User A signed with User B’s public key and User B verified with their own private key.
D. User A signed with their own public key and User B verified with User A’s private key.

Answer: B

Explanation:
The sender uses his private key, in this case User A’s private key, to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver (User B) uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic. The receiver uses a key provided by the sender—the public key—to decrypt the message.

CompTIA Security+ Question E-43

A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive’s laptop they notice several pictures of the employee’s pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match.
Which of the following describes how the employee is leaking these secrets?

A. Social engineering
B. Steganography
C. Hashing
D. Digital signatures

Answer: B

Explanation:
Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. It is also the process of hiding a message in a medium such as a digital image, audio fi le, or other fi le. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message.

CompTIA Security+ Question E-7

An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system?

A. Data encryption
B. Patching the system
C. Digital signatures
D. File hashing

Answer: A

Explanation:
Data encryption makes data unreadable to anyone who does not have the required key to decrypt the data. The question states that the sensitive data is stored on a central storage system. Group based access control is used to control who can access the sensitive data. However, this offers no physical security for the data. Someone could steal the central storage system or remove the hard disks from it with the plan of placing the hard disks into another system to read the data on the disks. With the data encrypted, the data would be unreadable.