CompTIA Security+ Question E-74

A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company’s server over a public unencrypted communication channel.
Which of the following implements the required secure key negotiation? (Select TWO).

A. PBKDF2
B. Symmetric encryption
C. Steganography
D. ECDHE
E. Diffie-Hellman

Answer: D,E

Explanation:
Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or better yet, to derive another key which can then be used to encrypt subsequent communications using a symmetric

key cipher. It is a variant of the Diffie–Hellman protocol using elliptic curve cryptography. Note: Adding an ephemeral key to Diffie-Hellman turns it into DHE (which, despite the order of the acronym, stands for Ephemeral Diffie-Hellman). Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE (again, overlook the order of the acronym letters; it is called Ephemeral Elliptic Curve Diffie-Hellman). It is the ephemeral component of each of these that provides the perfect forward secrecy.

CompTIA Security+ Question D-88

An administrator has two servers and wants them to communicate with each other using a secure algorithm.
Which of the following choose to provide both CRC integrity checks and RCA encryption?

A. NTLM
B. RSA
C. CHAP
D. ECDHE

Answer: D

Explanation:
ECDHE provides both CRC integrity checks and RCA encryption. Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE. It is the ephemeral component of each of these that provides the perfect forward secrecy. Forward secrecy is a property of any key exchange system, which ensures that if one key is compromised, subsequent keys will not also be compromised. Perfect forward secrecy occurs when this process is unbreakable.

CompTIA Security+ Question C-51

Which of the following represents a cryptographic solution where the encrypted stream cannot be captured by a sniffer without the integrity of the stream being compromised?

A. Elliptic curve cryptography.
B. Perfect forward secrecy.
C. Steganography.
D. Quantum cryptography.

Answer: D

Explanation:
Quantum cryptography is a cryptosystem that is completely secure against being compromised without knowledge of the sender or the receiver of the messages.

CompTIA Security+ Question A-78

A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?

A. Encryption
B. Digital signatures
C. Steganography
D. Hashing
E. Perfect forward secrecy

Answer: B

Explanation:
A digital signature is an electronic mechanism to prove that a message was sent from a specific user (that is, it provides for non-repudiation) and that the message wasn’t changed while in transit (it also provides integrity). Thus digital signatures will meet the stated requirements.