GCGA, a software development company, occasionally updates its software with major updates and minor patches. Administrators load these updates to the company website along with a Hash associated with each update. Which of the following BEST describes the purpose of the Hash?
Availability of updates and patches.
Integrity of updates and patches.
Confidentiality of updates and patches.
Integrity of the application.
Integrity of updates and patches.
Explanation:
The hash provides integrity for the updates and patches so that users can verify they have not been modified.
Installing updates and patches increases the availability of the application. Confidentiality is provided by encryption.
The hashes are for the updates and patches, so they do not provide integrity for the application.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 978). YCDA, LLC. Kindle Edition.
Users in your organization sign their emails with digital signatures. Which of the following provides integrity of these digital signatures?
Hashing
Encryption
Non-repudiation
Private Key
Hashing
Explanation:
Hashing provides integrity for digital signatures and other data.
A digital signature is a hash of the message encrypted with the sender’s private key, but the encryption doesn’t provide integrity.
The digital signature provides non-repudiation, but non-repudiation does not provide integrity.
The private key and public key are both needed, but the private key does not provide integrity.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 978-979). YCDA, LLC. Kindle Edition.
While reviewing logs on a Web Server hosted by your organization, you notice multiple logon failures to an FTP account, but they’re only happening about once every 30 minutes. You also see that the same password is being tried against the SSH account right after the FTP account login failure. What BEST describes what is happening?
Brute Force Attack
Dictionary Attack
Plaintext Attack
Spraying Attack
Spraying Attack
Explanation:
This indicates a password spraying attack. It loops through a list of accounts, guessing a password for one account at a time, and then guessing the same password for a different account. In this scenario, the attack may be guessing passwords for other servers before it returns to the web server.
A brute force attack attempts to guess all possible character combinations for a password, and a dictionary attack uses a dictionary of words trying to discover the correct password. A spraying attack could use either a brute force method or a dictionary method when guessing the password; however, these methods do not loop through a list of user accounts.
In a plaintext attack (also called a known plaintext attack), an attacker has samples of known plaintext and can use these samples to decrypt ciphertext that includes this plaintext.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 979). YCDA, LLC. Kindle Edition.
An online application requires users to log on with their email address and a password. The application encrypts the passwords in a hashed format. Which of the following can be added to decrease the likelihood that attackers can discover these passwords?
Rainbow Tables
Salt
Digital Signatures
Input Validation
Salt
Explanation:
A password salt is additional random characters added to a password before hashing the password, and it decreases the success of password attacks.
Rainbow tables are used by attackers and contain precomputed hashes, and salting is intended specifically to thwart rainbow table attacks.
A digital signature provides authentication, non-repudiation, and integrity, but it doesn’t protect passwords.
Input validation techniques verify data is valid before using it, and they are unrelated to protecting hashed passwords.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 979). YCDA, LLC. Kindle Edition.
** What is the primary difference between a block cipher and a stream cipher?
A Stream Cipher encrypts data 1 bit or 1 byte at a time.
A Block Cipher encrypts data 1 bit or 1 byte at a time.
Stream Ciphers are used for Symmetric Encryption, but Block Ciphers are used for Asymmetric Encryption.
Block Ciphers are used for Symmetric Encryption, but Stream Ciphers are used for Asymmetric Encryption.
A Stream Cipher encrypts data 1 bit or 1 byte at a time.
Explanation:
A stream cipher encrypts data a single bit or a single byte at a time and is more efficient when the size of the data is unknown, such as streaming audio or video.
A block cipher encrypts data in specific-sized blocks, such as 64-bit blocks or 128-bit blocks.
Both are used with symmetric encryption algorithms.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (pp. 979-980). YCDA, LLC. Kindle Edition.
A developer is creating an application that will encrypt and decrypt data on mobile devices. These devices don’t have a lot of processing power. Which of the following cryptographic methods has the LEAST overhead and can provide encryption for these mobile devices?
Elliptic Curve Cryptography
Perfect Forward Secrecy
Salting
Digital Signatures
Elliptic Curve Cryptography (ECC)
Explanation:
Elliptic curve cryptography (ECC) has minimal overhead and is often used with mobile devices for encryption.
Perfect forward secrecy refers to session keys and provides assurances that session keys will not be compromised even if a private key is later compromised.
Salting adds random characters to a password before hashing it to thwart rainbow table attacks.
Digital signatures provide integrity, authentication, and non-repudiation, but not encryption.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 980). YCDA, LLC. Kindle Edition.
** You are configuring a Web Server that will be used by salespeople via the Internet. Data transferred to and from the Server needs to be encrypted, so you are tasked with requesting a certificate for the Server. Which of the following would you MOST likely use to request the certificate?
CA
CRL
CSR
OCSP
CSR (Certificate Signing Request)
Explanation:
You would request a certificate with a certificate signing request (CSR). It uses a specific format to request a certificate.
You submit the CSR to a certificate authority (CA), but the request needs to be in the CSR format.
A certificate revocation list (CRL) is a list of revoked certificates.
The Online Certificate Status Protocol (OCSP) is an alternate method of validating certificates and indicates if a certificate is good, revoked, or unknown.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 980). YCDA, LLC. Kindle Edition.
** Users within an organization frequently access public Web Servers using HTTPS. Management wants to ensure that users can verify that Certificates are valid even if the public CAs are temporarily unavailable. Which of the following should be implemented to meet this need?
OCSP
CRL
Private CA
CSR
CRL (Certificate Revocation List)
Explanation:
A certificate revocation list (CRL) can meet this need because CRLs are cached. If the public certificate authority (CA) is not reachable due to any type of connection outage or CA outage, the cached CRL can be used if the cache time has not expired.
The Online Certificate Status Protocol (OCSP) works in real time where the client queries the CA with the serial number of the certificate. If the CA is unreachable, the certificate cannot be validated.
A private CA is used within an organization and cannot validate certificates from a public CA.
You request a certificate with a certificate signing request (CSR), but the CSR doesn’t validate an issued certificate.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 980). YCDA, LLC. Kindle Edition.
** Your organization hosts an internal website used only by employees. The website uses a certificate issued by a Private CA and the Network downloads a CRL from the CA once a week. However, after a recent compromise, Security administrators want to use a real-time alternative to the CRL. Which of the following will BEST meet this need?
SAN
CSR
RA
OCSP
OCSP (Online Certificate Status Protocol)
Explanation:
The Online Certificate Status Protocol (OCSP) provides real-time responses to validate certificates issued by a certificate authority (CA). A certificate revocation list (CRL) includes a list of revoked certificates, but if it is only downloaded once a week, it can quickly be out of date. None of the other answers validates certificates.
In the context of certificates, a subject alternative name (SAN) certificate is used for multiple domains that have different names but are owned by the same organization.
A certificate signing request (CSR) is used to request a certificate.
A registration authority (RA) accepts CSRs for a CA.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 981). YCDA, LLC. Kindle Edition.
** An organization hosts several Web Servers in a web farm used for e-commerce. Due to recent attacks, management is concerned that attackers might try to redirect web traffic, allowing the attackers to impersonate their e-commerce site. Which of the following methods will address this issue?
Stapling
Perfect Forward Secrecy
Pinning
Key Stretching
Pinning
Explanation:
Public key pinning provides clients with a list of public key hashes that clients can use to detect website impersonation attempts.
Stapling reduces Online Certificate Status Protocol (OCSP) traffic by appending a timestamped, digitally signed OCSP response to a certificate.
Perfect forward secrecy ensures that the compromise of one session key does not compromise other session keys used in the past.
Key stretching techniques add additional bits (salts) to passwords, making them harder to crack.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 981). YCDA, LLC. Kindle Edition.
Management has mandated the use of digital signatures by all personnel within your organization. Which of the following use cases does this support?
Supporting Confidentiality
Supporting Availability
Supporting Obfuscation
Supporting Non-Repudiation
Supporting Non-Repudiation
Explanation:
Digital signatures will support a use case of supporting non-repudiation. Digital signatures also provide integrity and authentication, but these weren’t available answers.
Digital signatures don’t encrypt data, so they do not support a use case of supporting confidentiality.
Redundancy and fault-tolerance solutions will increase availability. Steganography is one way of supporting obfuscation.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 981). YCDA, LLC. Kindle Edition.
A DLP system detected confidential data being sent out via email from Bart’s account. However, he denied sending the email. Management wants to implement a method that would prevent Bart from denying accountability in the future. Which of the following are they trying to enforce?
Confidentiality
Encryption
Access Control
Non-Repudiation
Non-Repudiation
Explanation:
Non-repudiation methods such as digital signatures prevent users from denying they took an action. In this scenario, if a data loss protection (DLP) system detected the outgoing email and it was signed with Bart’s account using a digital signature, he couldn’t believably deny sending it.
Encryption methods protect confidentiality.
Access control methods protect access to data.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 982). YCDA, LLC. Kindle Edition.
Your organization recently updated the Security policy and mandated that emails sent by all upper-level executives include a digital signature. Which Security goal does this policy address?
Confidentiality
Hashing
Obfuscation
Authentication
Authentication
Explanation:
A digital signature is an encrypted hash of a message and it can be used to provide authentication, integrity, and non-repudiation. Authentication identifies the sender of the message.
Encryption provides confidentiality and prevents unauthorized disclosure.
Obfuscation methods attempt to make something harder to read, but a digital signature doesn’t provide obfuscation.
Hashing is a method used to provide integrity, but hashing by itself isn’t a security goal.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 982). YCDA, LLC. Kindle Edition.
** You are tasked with getting prices for Certificates. You need to find a source that will provide a Certificate that can be used for multiple domains that have different names. Which of the following certificates is the BEST choice?
SAN
Domain Validation
Extended Validation
Wildcard
SAN (Subject Alternative Name)
Explanation:
A subject alternative name (SAN) certificate is used for multiple domains that have different names but are owned by the same organization.
A domain-validated certificate indicates that the certificate requestor has some control over a Domain Name System (DNS) domain name.
Extended validation certificates use additional steps beyond domain name validation.
A wildcard certificate starts with an asterisk (*) and can be used for multiple domains, but each domain name must have the same root domain name.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 982). YCDA, LLC. Kindle Edition.
Your organization recently lost access to some decryption keys, resulting in loss of some encrypted data. The chief information officer (CIO) mandated the creation of a key escrow. Which of the following cryptographic keys are MOST likely to be stored in key escrow?
Public
Private
Ephemeral
Session
Private
Explanation:
Copies of private keys are typically stored in a key escrow so that data encrypted with a private key can be retrieved if the original private key is no longer accessible.
Public keys are available to anyone so there is no need to store them in a key escrow.
An ephemeral key has a short lifetime and is re-created for each session.
A session key is only used for a single session, so it wouldn’t be stored in a key escrow.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide (p. 982). YCDA, LLC. Kindle Edition.
Which of the following is a Symmetric Encryption algorithm that encrypts data 1 bit at a time?
Block Cipher
Stream Cipher
AES
DES
MD5
Stream Cipher
Explanation:
A stream cipher encrypts data a single bit or a single byte at a time and is more efficient when the size of the data is unknown, such as streaming audio or video.
A block cipher encrypts data in specific-sized blocks, such as 64-bit blocks or 128-bit blocks.
Advanced Encryption Standard (AES) and Data Encryption Standard (DES) are block ciphers.
Message Digest 5 (MD5) is a hashing algorithm.
An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it couldn’t meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid?
Digital Signature
Integrity
Repudiation
Encryption
Digital Signature
Explanation:
If Acme submitted the bid via email using a digital signature, it would provide proof that the bid was submitted by Acme. Digital signatures provide verification of who sent a message, non-repudiation preventing them from denying it, and integrity verifying the message wasn’t modified.
Integrity verifies the message wasn’t modified.
Repudiation isn’t a valid security concept.
Encryption protects the confidentiality of data, but it doesn’t verify who sent it or provide non-repudiation.
An organization recently updated its Security policy. One change is a requirement for all internal Web Servers to only support HTTPS traffic. However, the organization doesn’t have the funds to pay for this. Which of the following is the BEST solution?
Create code signing Certificates for the Web Servers.
Create one Wildcard Certificate for all the Web Servers.
Create a Public CA and issue Certificates from it.
Create Certificates signed by an Internal Private CA.
Create Certificates signed by an Internal Private CA (Certificate Authority)
A Supply Company has several legacy systems connected within a warehouse. An external Security audit discovered the company using DES for data-at-rest. It mandated the company upgrade from DES to meet minimum Security requirements. The company plans to replace the legacy systems next year, but needs to meet the requirements from the audit. Which of the following is MOST likely to be the simplest upgrade for these systems?
S/MIME
HMAC
3DES
TLS
3DES (Triple Data Encryption Standard)
Explanation:
The best choice is Triple Data Encryption Standard (3DES). None of the other answers are valid replacements for the symmetric encryption algorithm Data Encryption Standard (DES).
Secure/Multipurpose Internet Mail Extensions (S/MIME) is used to digitally sign and encrypt email.
Hash-based Message Authentication Code (HMAC) is a hashing algorithm used to verify the integrity and authenticity of messages.
Transport Layer Security (TLS) uses both symmetric and asymmetric encryption to encrypt data-in-transit, not data-at-rest.
Application developers are creating an application that requires users to log on with strong passwords. The developers want to store the passwords in such a way that it will thwart Brute Force Attacks. Which of the following is the BEST solution?
3DES
MD5
PBKDF2
Database Fields
PBKDF2 (Password-Based Key Derivation Function v2)