Free CompTIA Security+ Practice Chapter 10

Ref: CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 10

1 / 165

What distinguishes a password spraying attack from other types of brute force or dictionary attacks?

A. A password spraying attack does not use an automated program.

B. A password spraying attack only attempts each password once on a long list of user accounts.

C. A password spraying attack bypasses account lockout policies by exceeding the time limit between logon attempts.

D. A password spraying attack avoids generating Event ID 4625.

2 / 165

What purposes can a certificate in asymmetric encryption serve besides including the public key?

A. Identify the CA that issued the certificate

B. Reference serial numbers of revoked certificates

C. Provide usage specificities for the certificate

D. All of the above

3 / 165

What is an offline password attack according to the context?

A. A type of attack where an attacker repeatedly guesses the username and password of an online system

B. Attempt to discover passwords from a captured database or captured packet scan

C. It’s when the attacker uses ncrack tool to run online brute force password attacks

D. The process where system logs recording successful and unsuccessful logons are analyzed for potential threats

4 / 165

What is the purpose of a hash in cryptography?

A. It encrypts the data to make it unreadable if intercepted.

B. It ensures the integrity of the data by creating a number derived from the data.

C. It provides a level of confidentiality by hiding data within other files.

D. It verifies user identity.

5 / 165

What does hashing provide for messages?

A. Encryption

B. Integrity

C. Confidentiality

D. Accessibility

6 / 165

Which of the following best describes the function and use of a wildcard certificate?

A. It is used to validate the authentication of executable applications or scripts

B. It is issued by the root CA

C. It starts with an asterisk (*) and can be used for multiple domains if each domain name has the same root domain

D. It is used for multiple domains that have different names but are owned by the same organization

7 / 165

Which of the following is a function of Secure/Multipurpose Internet Mail Extensions (S/MIME)?

A. It enhances graphic designs in email.

B. It allows emails to load faster.

C. It digitizes physical mails.

D. It is used to digitally sign and encrypt email.

8 / 165

What are the three security benefits provided by digital signatures?

A. Confidentiality, Integrity, Authentication

B. Non-repudiation, Authentication, Integrity

C. Encryption, Decryption, Authorization

D. Verification, Encryption, Authentication

9 / 165

What is a common method used in video steganography and why does it have a drawback?

A. Modifying the speed of the video, but can distort the visual perception

B. Modifying the least significant bits of some bytes within the file, but can cause noise in the audio

C. Modifying the color saturation, but can lead to file corruption

D. Adding new frames into the video, but can increase the video size excessively

10 / 165

What does high resiliency refer to in the context of cryptography?

A. The speed at which data can be encrypted and decrypted.

B. The ability to hide data in other files.

C. The security of encryption keys even when part of the key is discovered by an attacker.

D. The capacity to support low power devices.

11 / 165

What is one of the first steps in thwarting an offline brute force attack?

A. Use simple passwords

B. Store passwords in a plain text format

C. Use complex passwords and store the passwords in an encrypted or hashed format

D. Use shorter passwords

12 / 165

Which of the following statements about the Canonical Encoding Rules (CER) is correct?

A. CER is a binary format

B. CER files have headers and footers

C. CER is defined by the American Standard Code for Information Interchange (ASCII)

D. CER is not used in cryptography

13 / 165

Which cryptographic algorithms are used to support deploying cryptography on low power devices, such as wireless devices and IoT devices?

A. Hashing protocols

B. OCSP

C. ECC and other lightweight cryptography algorithms

D. Digital signatures

14 / 165

Why is it important to consider the limitations of different algorithms?

A. To identify the algorithm that requires the least amount of resources

B. To identify the algorithm that is the easiest to use

C. To identify the best algorithm to meet specific requirements

D. To identify the algorithm with the fewest limitations

15 / 165

What is a key difference between the behavior of bits in regular computing vs. quantum computing?

A. In regular computing, a bit can have multiple values at once.

B. In quantum computing, the value of a qubit is not dependent on other qubits.

C. In regular computing, the value of any single bit is dependent on other bits.

D. In quantum computing, the value of a qubit can be dependent on the value of other entangled qubits.

16 / 165

What does the ’Subject’ element in a certificate represent?

A. The CA that issued the certificate

B. The unique identifier of the certificate

C. The owner of the certificate

D. The expiry dates of the certificate

17 / 165

What does the term ’block’ in ’blockchain’ refer to?

A. The physical hardware storing the blockchain

B. Pieces of digital information (the ledger)

C. The network of computers that verify and record transactions

D. The transaction fees and rewards miners earn

18 / 165

What is a key element in a Public Key Infrastructure (PKI)?

A. Digital certificates

B. Certificate authority (CA)

C. HTTPS sessions

D. Internet traffic

19 / 165

What is the main function of OpenSSL in certificate registration?

A. Conducts the validation process

B. Facilitates financial transactions for certificate purchase

C. Creates public-private key pairs

D. Serves as the Registration Authority

20 / 165

What is the purpose of an encryption algorithm?

A. To make data unreadable to unauthorized users

B. To enhance data for an improved user experience

C. To compress data for more efficient storage

D. To convert data into plaintext for easy reading

21 / 165

What does a hash function in cryptography ensure?

A. Confidentiality of the data

B. Non-repudiation of an action

C. Integrity of the data

D. Authentication of an identity

22 / 165

Which of the following describes the correct use of public and private keys in asymmetric encryption?

A. Only a public key can decrypt information encrypted with a matching public key

B. A private key is used to encrypt information and only the matching public key can decrypt the same information

C. The keys in a matched pair can decipher the encrypted information irrespective of which key was used for encryption

D. Private keys should be freely shared

23 / 165

What is the primary use of a Subject Alternative Name (SAN) certificate?

A. It is used to identify the computer within a domain.

B. It provides additional evidence to clients that the certificate and the organization are trustworthy.

C. It is used for multiple domains that have different names but are owned by the same organization.

D. It indicates that the certificate requestor has some control over a DNS domain.

24 / 165

What is the purpose of Secure Hash Algorithms (SHA) within the context of system security?

A. They are used for generating strong passwords

B. They are used to verify the integrity of files

C. They provide encryption for data transmissions

D. They protect against brute-force attacks

25 / 165

What is a characteristic of a self-signed certificate?

A. It must be issued by a trusted CA

B. It is trusted by default.

C. It carries high purchase cost.

D. Private CAs within an enterprise often create self-signed certificates.

26 / 165

Why is MD5 no longer recommended as a cryptographic hash?

A. It is highly prone to data loss

B. It is highly susceptible to collision attacks

C. It always generates a unique hash

D. Its performance is very poor

27 / 165

What does a lack of entropy result in when related to cryptographic algorithms?

A. A stronger algorithm

B. An easier algorithm to crack

C. A more complex algorithm

D. A more expensive algorithm

28 / 165

What is the primary consequence of a man-in-the-middle attack on a Quantum key distribution (QKD) connection?

A. The attacker gains access to the symmetric key

B. The attack remains undetected

C. The attacker is able to clone the quantum connection

D. The data is changed and the QKD connection is corrupted

29 / 165

What is the purpose of audio beacons in the context of audio steganography?

A. To amplify the sound quality of the device.

B. To identify and track user’s activity.

C. To improve voice recognition software.

D. To create a more immersive audio experience.

30 / 165

What purpose do hashes serve in file verification as demonstrated by the Kali Linux image download example?

A. Hashes allow the user to see if the file has been downloaded without any loss of data.

B. Hashes allow the file to be downloaded faster.

C. Hashes provide information about the file size and structure.

D. Hashes store user data for the downloaded file.

31 / 165

Which of these is NOT part of the process of validating a certificate?

A. Checking if the certificate is expired

B. Checking if the certificate is issued by a trusted CA

C. Checking if the certificate has been revoked by requesting a CRL

D. Checking if the certificate has a private key clipped to it

32 / 165

What is a notable weakness of the PBKDF2 key stretching technique?

A. It does not use a salt when generating hashes.

B. It can only generate bit sizes of up to 512 bits.

C. It can be configured to use less computing time and less RAM, allowing for faster password guess attempts.

D. It cannot be used with HMAC.

33 / 165

What is one main use of Machine/Computer certificates?

A. Encryption of emails

B. Validation of executable applications and scripts

C. Identifying the computer within a domain

D. Providing evidence to clients that the certificate and the organization are trustworthy

34 / 165

What does the term ’Data in processing’ refer to in the context of encryption?

A. Data encrypted and waiting to be decrypted

B. Data sent over a network that is encrypted

C. Data being used by a computer that is not encrypted while in use

D. Data stored on media that is commonly encrypted

35 / 165

Which of the following best describes the purpose of encryption as part of cryptography?

A. To provide a proof of an identity

B. To scramble data to make it unreadable if intercepted

C. To create a fixed-length string of bits or hexadecimal characters

D. To prevent a party from denying an action

36 / 165

What purpose does the Serial Number serve in a certificate?

A. It identifies the owner of the certificate

B. It is used to indicate the validity dates of the certificate

C. It uniquely identifies the certificate and is used by the CA to validate it

D. It is used to indicate the usages of the certificate

37 / 165

Which of the following is not mentioned in the study material as a characteristic of symmetric algorithms?

A. They are commonly used.

B. They are exhaustive.

C. They are not exhaustive.

D. They have a short listing.

38 / 165

What is a critical difference between SSL and TLS?

A. SSL is still commonly used for encryption of Internet data

B. TLS and SSL are exactly the same

C. TLS requires certificates while SSL does not

D. SSL uses a combination of symmetric and asymmetric encryption, but TLS does not

39 / 165

What is the role of a key recovery agent in the context of a PKI?

A. A key recovery agent is responsible for creating new encryption keys.

B. A key recovery agent is an individual who can recover or restore cryptographic keys.

C. A key recovery agent is responsible for deleting old encryption keys.

D. A key recovery agent is responsible for updating the encryption algorithm.

40 / 165

Which mode of operation used with encryption does not provide authenticity?

A. Authenticated

B. Counter (CTR)

C. Unauthenticated

D. MAC

41 / 165

Which of the following is NOT a security benefit provided by the use of digital signatures?

A. Authentication

B. Non-repudiation

C. Encryption of the actual message

D. Integrity

42 / 165

Which of the following best describes the MD5 hashing algorithm?

A. A 256-bit hash that uses hexadecimal characters

B. A 512-bit hash that uses the characters a through z

C. A 128-bit hash that produces a string of 1s and 0s

D. A 128-bit hash that displays as 32 hexadecimal characters

43 / 165

What key is used to encrypt an email digital signature?

A. The sender’s public key

B. The recipient’s public key

C. The sender’s private key

D. The recipient’s private key

44 / 165

Why might a Certificate Authority (CA) revoke a certificate?

A. If the CA itself is compromised through a security breach

B. If a private key is leaked to the public

C. If the certificate is outdated

D. Both A and B

45 / 165

What does the ROT13 cipher do in symmetric encryption?

A. Always uses a key of 13 and replaces plaintext with ciphertext using a fixed system.

B. Always uses a key of 3 and replaces plaintext with ciphertext using a fixed system.

C. Always uses a key of 13 and performs an exhaustive search to find the key.

D. Always uses a key of 3 and finds the prime factors of a large composite number to establish a secure connection.

46 / 165

What is a Trusted Root Certification Authority store?

A. A collection of all certificates issued by the Certificate Authority (CA).

B. The first certificate created by the CA that identifies it.

C. A collection of root certificates from different CAs that have been placed there for trust.

D. A single root certificate from COMODO Certification Authority.

47 / 165

What is the benefit of Perfect forward secrecy in a cryptographic system?

A. It increases certificate validation.

B. It allows for the use of a deterministic algorithm to generate public keys.

C. It ensures that a compromised key does not affect the security of past keys.

D. It extends the lifetime of a certificate.

48 / 165

Which steps are involved in sending an encrypted email using only asymmetric encryption?

A. The sender uses their own keys to encrypt the email and the recipient decrypts using their private key

B. The sender encrypts the email with the recipient’s public key and the recipient decrypts the email with their private key

C. The sender uses the recipient’s private key to encrypt the email and the recipient decrypts the email with their public key

D. The sender and recipient both use a shared private key to encrypt and decrypt the email

49 / 165

Which of the following security benefits does a digital signature provide when a recipient successfully decrypts the hash included in a digitally signed email?

A. Authentication, Non-repudiation, and Integrity

B. Confidentiality, Integrity, and Availability

C. Non-repudiation, Availability, and Authentication

D. Integrity, Confidentiality, and Authentication

50 / 165

What is a birthday attack in the context of computing security?

A. It is a type of attack where an attacker identifies a user’s actual date of birth for identity theft purposes.

B. It is a type of attack where an attacker tries to create a password that produces the same hash as the user’s actual password.

C. It is an attack that only works on a user’s birthday.

D. It is a method for bypassing two-factor authentication.

51 / 165

What is the primary vulnerability of symmetric encryption if the same key is continuously reused?

A. The key becomes easily guessable.

B. All data encrypted with the key is compromised if the key is cracked.

C. The encryption process becomes much slower.

D. It poses no vulnerability, reusing the key is recommended.

52 / 165

What is a significant difference between block ciphers and stream ciphers according to the given text?

A. Block ciphers are more efficient for encrypting data in a continuous stream.

B. Stream ciphers divide data into specific-sized blocks for encryption.

C. Block ciphers encrypt data in specific-sized blocks, while stream ciphers encrypt data as a stream of bits or bytes.

D. Block ciphers and stream ciphers use different keys for encryption and decryption.

53 / 165

What is a dictionary attack and how can it be prevented?

A. It is a type of virus and can be prevented by using an antivirus

B. It is a type of physical attack to steal data from a computer and can be prevented by securing the physical environment

C. It is a type of password attack that attempts every word in a dictionary and can be prevented by using complex passwords

D. It is a type of software bug and can be prevented by regular updates

54 / 165

When did NIST recommend deprecating 1024-bit keys and implementing 2048 keys, and until when do they predict 2048-bit keys should be safe?

A. Deprecated in 2011, safe until 2015

B. Deprecated in 2010, safe until 2030

C. Deprecated in 2011, safe until 2030

D. Deprecated in 2010, safe until 2015

55 / 165

What are the three security benefits of using a digital signature?

A. Confidentiality, Non-repudiation, and Integrity

B. Authentication, Non-repudiation, and Integrity

C. Authentication, Privacy, and Integrity

D. Confidentiality, Non-repudiation, and Privacy

56 / 165

What is the function of ’User’ type of certificate?

A. It is used for validation of executable applications or scripts.

B. It is used for encryption, authentication, smart cards, and more.

C. It is issued to devices or computers to identify them within a domain.

D. It is used to sign emails for confidentiality and integrity.

57 / 165

Why is a slower algorithm desired when salting and hashing passwords?

A. To reduce computational load

B. To prevent the decrypted password from being easily readable

C. To thwart attackers attempting to guess the correct password using many possibilities

D. To make the process of validating a single password longer

58 / 165

Why might an organization choose to keep some CAs offline, as per the text?

A. To submit the CSR using an automated process

B. To protect them from network-based attacks

C. To ease the process of a CSR request

D. So that the RSA-based private key can be sent to the CA

59 / 165

What is the correct statement regarding P7B certificates?

A. They are used to hold private keys

B. They are DER based and binary formats

C. They might include a private key

D. They are CER-based and commonly used to share public keys

60 / 165

What would happen if your friend tried to decrypt your encoded message with a key of six, but you encrypted the message with a key of three in symmetric encryption?

A. Your friend would still get the correct original message

B. Your friend would get a completely different message

C. The message would not be decryptable

D. The decryption process would take longer

61 / 165

Which of the following file extension is commonly used for a PEM file holding just the private key?

A. .pem

B. .cer

C. .key

D. .p12

62 / 165

What are the two primary methods of encryption described in the text?

A. Symmetric and Asymmetric

B. Algorithmic and Key-based

C. Plaintext and Ciphertext

D. Clear text and Encode text

63 / 165

What is the purpose of steganography in cryptography?

A. It creates a fixed-length string of bits or hexadecimal characters from data

B. It scrambles data to make it unreadable if intercepted

C. It provides a level of confidentiality by hiding data within other files

D. It validates an identity

64 / 165

Which of the following statements best describes the efficiency of the Advanced Encryption Standard (AES) based on the given text?

A. AES is more resource intensive compared to other encryption algorithms such as 3DES.

B. AES encryption process takes longer than most encryption algorithms.

C. AES encrypts and decrypts slowly when ciphering data on small devices such as USB flash drives.

D. AES is less resource intensive than other encryption algorithms and it encrypts and decrypts quickly on small devices.

65 / 165

What is the purpose of Public Key Pinning?

A. To increase OCSP traffic to and from the CA

B. To prevent attackers from impersonating a web site using fraudulent certificates

C. To append the certificate with a timestamped digitally signed OCSP response from the CA

D. To allow web site administrators to create hashes of one or more certificates used by the web site

66 / 165

Which of the following is NOT a characteristic or function of key stretching?

A. It applies a cryptographic stretching algorithm to a salted password.

B. It decreases the time and computing resources needed for password protection.

C. It includes techniques such as bcrypt, PBKDF2, and Argon2.

D. It salts the password with additional bits before sending the result through a cryptographic algorithm.

67 / 165

Which of the following correctly represents non-repudiation in the context of digital signatures?

A. The recipient can confirm the message came from the sender

B. The message was not modified or corrupted

C. The sender cannot deny having sent the message

D. The message is kept secret from unauthorized individuals

68 / 165

What does size, in relation to cryptography, typically refer to?

A. The physical size of the device using the encryption algorithm

B. The time it takes for the algorithm to execute

C. The amount of memory space required by the algorithm to execute

D. The length of the encryption key used in the algorithm

69 / 165

What does Confidentiality ensure in the context of cryptography?

A. Ensures an identity is validated

B. Prevents a party from denying an action

C. Ensures that data has not been modified

D. Ensures that data is only viewable by authorized users

70 / 165

What is the primary purpose of steganography?

A. To encrypt data

B. To hide data inside other data

C. To create symmetric or asymmetric keys

D. To create a different hash algorithm

71 / 165

What does ’Data at rest’ refer to?

A. Data being sent over a network

B. Data currently in use by the computer

C. Data stored on media

D. Data that has been deleted

72 / 165

What are the three security benefits provided by Digital Signature Algorithm?

A. Confidentiality, Authorization, and Authentication

B. Authentication, Non-repudiation, and Integrity

C. Authorization, Accounting, and Authentication

D. Integrity, Confidentiality, and Authorization

73 / 165

What does it signify when you can unlock the Rayburn box with the matching public key?

A. The message inside the box is a secret

B. The box was locked with a public key

C. The box was locked with the matching private key

D. Multiple copies of the public key exist

74 / 165

What are the essential components that enable a block to be added to a blockchain?

A. A transaction occurred, the transaction has been verified by a network of computers, the transaction is accurately recorded in a block, the block is assigned a unique hash

B. A transaction occurred, the transaction is verified by one computer, a unique hash is assigned to the transaction, the block with the transaction is added to the blockchain

C. A transaction occurred, the transaction is checked by a miner, the block is given a unique hash, the block with the transaction is sent to the network of computers

D. A transaction occurred, the transaction is verified by two computers, the block gets a unique hash, the block with the transaction is sent to the blockchain

75 / 165

What is a key principle to remember when using a stream cipher?

A. Encryption keys should always be reused.

B. Decrypting data can be done without a key.

C. The size of the data does not affect the efficiency of the cipher.

D. Encryption keys should never be reused.

76 / 165

Which certificate type uses additional steps beyond domain validation and used to display the name of the organisation before the URL in some browsers?

A. Self-signed certificate

B. Wildcard certificate

C. Extended validation (EV) certificate

D. Machine/Computer certificate

77 / 165

What are the benefits of using homomorphic encryption?

A. It allows data to be shared without privacy concerns

B. It allows data to be processed while remaining encrypted

C. It allows data to be stored and manipulated as integers

D. All of the above

78 / 165

What is the main characteristic of Asymmetric encryption as defined in the CompTIA Security+ exam guide?

A. It uses the same key to encrypt and decrypt data.

B. Anything encrypted with the public key can be decrypted with any key.

C. It doesn’t require a Public Key Infrastructure (PKI) to issue certificates.

D. Anything encrypted with the public key can only be decrypted with the matching private key.

79 / 165

Which of the following statements best describes the difference between a hash and a checksum?

A. Hashes are small pieces of data, while checksums are larger numbers used in cryptographic implementations.

B. Hashes and checksums are used interchangeably because they serve the same function.

C. Checksums are generally small data used to quickly verify data integrity, while hashes are longer numbers used in strong cryptographic implementations.

D. Checksums are cryptographically secure, while hashes are not.

80 / 165

What is a key characteristic of asymmetric encryption?

A. They use the same key for encryption and decryption

B. They freely share private keys

C. They use a public key to decrypt information encrypted with a matching private key

D. They are less resource-intensive than symmetric encryption

81 / 165

Which of the following best describes the function of a Certificate Authority (CA)?

A. It issues driver’s licenses and identity proofs

B. It sells software products

C. It issues, manages, validates, and revokes certificates

D. It develops encryption algorithms

82 / 165

Which of the following use cases is supported by encryption protocols in relation to cryptographic concepts as listed in the SY-601 exam objectives?

A. Supporting non-repudiation

B. Supporting obfuscation

C. Supporting confidentiality

D. Supporting low power devices

83 / 165

What are the two primary security methods provided by cryptography for email protection?

A. Firewall and Intrusion Prevention Systems

B. Authentication and Authorization

C. Digital Signatures and Encryption

D. VPN and Proxy servers

84 / 165

What does Cryptographic diversity typically refer to?

A. Using the same methods to protect security keys

B. Using different methods to protect security keys

C. Using NISTIR 8214A for Cryptographic Primitives

D. Using multiple HSMs to reveal the entire key

85 / 165

What does predictability refer to in the context of cryptography?

A. The ability to repeat the same cryptographic algorithm and get different results each time

B. The tendency of a pseudo-random number generator to produce the same output given the same input

C. The use of environmental factors like atmospheric noise in creating encryption keys

D. The predictability of an encryption key if the input to a true random number generator is known

86 / 165

What are some of the strengths of the Advanced Encryption Standard (AES)?

A. It is slow and resources intensive, but provides strong encryption

B. It uses elegant mathematical formulas and requires only one pass to encrypt and decrypt data

C. It uses a simple mathematical formula and requires multiple passes to encrypt and decrypt data

D. It encrypts data in 64-bit blocks and uses key sizes of 64 bits, 128 bits, or 192 bits

87 / 165

What is the function of digital signatures in the context of cryptographic concepts?

A. They are used to support integrity.

B. They are used to support confidentiality.

C. They are used to support non-repudiation.

D. They are used to support high resilience.

88 / 165

What is the primary purpose of a SHA-3-256 hash?

A. To encrypt data for secure transmission

B. To verify the integrity of data

C. To determine the size of a file

D. To encode data in hexadecimal form

89 / 165

What is a Certificate Revocation List (CRL) in the context of a Certificate Authority (CA)?

A. It is a list of serial numbers for certificates that are yet to be issued.

B. It is a list of revoked certificates identified by their issue dates.

C. It is a version 2 certificate including a list of revoked certificates identified by their serial numbers.

D. It is a list of expired certificates identified via their serial numbers.

90 / 165

What is a common hashing algorithm in use today?

A. Advanced Encryption Standard (AES)

B. Secure Hash Algorithm 3 (SHA-3)

C. RSA encryption

D. Blowfish

91 / 165

What is the role of the Registration Authority (RA) in the process of certificate creation?

A. It validates the user’s identity and creates a certificate.

B. It issues certificates to users.

C. It collects registration information and assists in the registration process but never issues certificates.

D. It creates the private key for the user.

92 / 165

What does the term ’Certificate revoked’ refer to?

A. The certificate is expired

B. The certificate was not issued by a trusted CA

C. The clients validate certificates through the CA to ensure they haven’t been revoked

D. The certificate does not include the public key

93 / 165

What is the purpose of a Root certificate?

A. It is used for encryption of emails and digital signatures

B. It is used for multiple domains that have different names but are owned by the same organization

C. It is the certificate issued by the root CA

D. It indicates that the certificate requestor has some control over a DNS domain

94 / 165

Which of the following elements does a certificate typically include?

A. Serial number

B. Current Date

C. IP Address

D. Height

95 / 165

Which element is not included in a Certificate Signing Request (CSR) according to the text?

A. Information about the website

B. The purpose of the certificate

C. The public key

D. The private key

96 / 165

Why are weak keys a risk to data security?

A. They slow down the decryption process

B. They cause a delay in data transmission

C. They can be easily decrypted by an attacker

D. They create instability in the algorithm

97 / 165

Which of the following describes the key differences between Blowfish and Twofish?

A. Blowfish encrypts data in 128-bit blocks, whereas Twofish encrypts data in 64-bit blocks.

B. Blowfish supports key sizes between 32 and 448 bits, whereas Twofish supports 128-, 192-, or 256-bit keys.

C. Blowfish is faster than Twofish in all instances.

D. Blowfish is a symmetric block cipher, whereas Twofish is an asymmetric block cipher.

98 / 165

What is the first step in the process of validating a certificate?

A. The client queries the CA for a copy of the CRL

B. The server responds with a copy of the certificate that includes the public key

C. It is ensured that the certificate is not expired

D. It is checked whether the certificate was issued by a trusted CA

99 / 165

What is the purpose of hashing a patch file before releasing it for download?

A. To assist in compressing the file for faster downloads

B. To provide a method for customers to verify the integrity of the downloaded file

C. To encrypt the file for secure transmission

D. To create a unique identifier for the file for record keeping

100 / 165

In terms of symmetric encryption, why are symmetric keys often compared to a house key?

A. Because symmetric keys also open doors.

B. Because symmetric keys are physically handed out like house keys.

C. Because symmetric keys and house keys are created using the same process.

D. Because like a house key, a symmetric key can encrypt and decrypt data when shared.

101 / 165

What does the term ’data in transit’ refer to in the context of data security, and how is it commonly protected?

A. Data being saved on a disk and it is protected by encrypting individual files

B. Data being used by a computer and it is protected by purging memory of sensitive data

C. Data sent over a network and it is protected by using HTTPS sessions to encrypt transactions

D. Data kept in a database and it is protected by changing the encryption key frequently

102 / 165

What check is done to determine if a certificate is not trusted?

A. The system verifies if the certificate is expired

B. The system confirms if the certificate was issued by a trusted Certification Authority (CA)

C. The system requests for a copy of the CRL from the CA

D. The system checks if the certificate is included in the Intermediate Certification Authorities store

103 / 165

Which of the following best describes the role of a private key in asymmetric encryption?

A. A private key is always shared with others.

B. A private key can decrypt information encrypted with any public key.

C. A private key is used to decrypt information encrypted with its corresponding public key.

D. A private key can encrypt data that is decrypted by any public key.

104 / 165

What does ’data in motion’ refer to and how is it commonly protected?

A. Data stored on media encrypted using HTTPS

B. Data being transmitted over a network, typically encrypted using HTTPS

C. Data being processed by a computer, typically left unencrypted

D. Individual fields in a database encrypted with symmetric or asymmetric keys

105 / 165

What is the primary use of an Email certificate?

A. To validate the authentication of executable applications or scripts

B. For encryption of emails and digital signatures

C. To eliminate the need to purchase certificates from public CAs

D. To be used for multiple domains with the same root domain

106 / 165

What is the main advantage of using rainbow tables in password cracking?

A. Rainbow tables allow for generating password guesses more quickly.

B. Rainbow tables eliminate the need to hash each guessed password.

C. Rainbow tables increase the complexity of the hashed password.

D. Rainbow tables reduce the size of the compromised data.

107 / 165

What is the main reason why systems store hashes of passwords instead of the actual passwords?

A. To avoid the need for users to remember their passwords

B. To prevent passwords from being sent over the network in cleartext

C. To save storage space

D. To have a database of hashed words from a dictionary

108 / 165

What is the purpose of the sha256sum.exe program?

A. To create digital signatures

B. To automatically create and compare hashes in emails

C. To create hashes of files

D. To modify file integrity

109 / 165

What are the Distinguished Encoding Rules (DER) primarily used for in the context of certificates?

A. To distribute certificate revocation lists.

B. To encrypt P12 certificates.

C. To define data structures in cryptography.

D. To identify the contents of a certificate.

110 / 165

Why shouldn’t keys be reused in symmetric encryption, especially with stream ciphers?

A. It causes the encryption to be slow

B. It wastes system resources

C. It makes the algorithm vulnerable to attacks

D. It improves the encryption

111 / 165

What is a key difference between a plaintext attack and a chosen plaintext attack, as described in the text?

A. In a plaintext attack, the attacker has access to all the plaintext, while in a chosen plaintext attack, he doesn’t.

B. A chosen plaintext attack always requires more resources and time than a plaintext attack.

C. Plaintext attacks are always successful while chosen plaintext attacks are not.

D. In a plaintext attack, the attacker has no access to the plaintext, while in a chosen plaintext attack, he does.

112 / 165

What is the purpose of a ’code signing’ certificate?

A. To authenticate email signatures

B. To validate the authentication of executable applications or scripts

C. To indicate control over a DNS domain

D. To allow usage for multiple domains with same root domain

113 / 165

Which of the following use cases provided in the SY-601 exam objectives is supported by ECC and other lightweight cryptography algorithms?

A. Supporting high resiliency

B. Supporting integrity

C. Supporting low power devices

D. Supporting obfuscation

114 / 165

Which of the following is an strong indicator of a pass the hash attack?

A. The usage of Kerberos as the Authentication Package.

B. A user makes multiple logon attempts with different passwords.

C. The usage of NTLM as the Authentication Package and/or a Logon Process of NtLmSSP.

D. A user logs on to the system using an account that has regular user privileges.

115 / 165

What does the response ’unknown’ from an Online Certificate Status Protocol (OCSP) check most likely indicate?

A. The certificate is valid

B. The certificate is revoked

C. The certificate is expired

D. The certificate could be a forgery

116 / 165

What problem presented with hash calculations does HMAC solve?

A. HMAC removes the need for a secret key

B. HMAC changes the hash calculation method

C. HMAC prevents an attacker from altering the hash of modified messages

D. HMAC requires a different hash be used after each message

117 / 165

What is the role of the ’Issuer’ in a certificate?

A. It identifies the subject of the certificate

B. It identifies the CA that issued the certificate

C. It signifies the serial number of the certificate

D. It signifies ‘Valid From’ and ‘Valid To’ dates

118 / 165

What is included in a digital certificate?

A. Private key and information on the owner

B. Public key and information on the owner

C. Public key and the user’s password

D. Private key and the user’s password

119 / 165

What is the purpose of post-quantum cryptography?

A. To establish a new standard for quantum computing

B. To resist attacks using quantum computers

C. To standardize the building process of quantum computers

D. To endorse the use of quantum computers

120 / 165

According to the text, which concept provides assurances that data has not been modified?

A. Confidentiality

B. Integrity

C. Encryption

D. Digital signature

121 / 165

What is the relationship between key size and strength in terms of data encryption in the Advanced Encryption Standard (AES)?

A. There is no relationship between key size and strength.

B. The larger the key size, the weaker the encryption.

C. The larger the key size, the stronger the encryption.

D. The key size is irrelevant in terms of encryption strength.

122 / 165

What is the main benefit of email encryption?

A. It provides better email functionality

B. It makes email faster

C. It provides confidentiality for email messages

D. It allows for larger email sizes

123 / 165

What does a domain-validated certificate indicate?

A. The certificate requestor has some control over a DNS domain.

B. It can be used for multiple domains that have the same root domain.

C. It can be used for multiple domains with different names but are owned by the same organization.

D. The certificate is issued by the root CA.

124 / 165

How do most email applications use asymmetric and symmetric encryption to enhance security?

A. They use symmetric encryption to share a session key privately and asymmetric encryption to encrypt the data with this session key.

B. They use asymmetric encryption to share a session key privately and symmetric encryption to encrypt the data with this session key.

C. They exclusively use symmetric encryption to maintain security.

D. They exclusively use asymmetric encryption for enhanced security.

125 / 165

What is the function of a ’key’ in the process of data encryption?

A. The key performs mathematical calculations on data

B. The key is a number that provides variability for the encryption

C. The key ensures that the algorithm used for encryption remains the same

D. The key ensures that only authorized users are able to view the data

126 / 165

What is a primary indicator of an online password attack?

A. Cryptographic attacks

B. A captured database

C. Repeated attempts to guess passwords recorded in system logs

D. Offline brute force attacks

127 / 165

What is the main purpose of public key pinning?

A. To timestamp and digitally sign OCSP responses from the CA

B. To reduce OCSP traffic to and from the CA

C. To prevent attackers from impersonating a web site using fraudulent certificates

D. To specify how long the client should store and use data

128 / 165

Which technique is used to support obfuscation according to the SY-601 exam objectives?

A. Hashing protocols

B. Encryption protocols

C. Steganography

D. ECC and other lightweight cryptography algorithms

129 / 165

Which certificate format is a predecessor to the P12 and is commonly used on Windows systems to import and export certificates?

A. P7B

B. PEM

C. PFX

D. CER

130 / 165

What is the main difference between Stream ciphers and Block ciphers?

A. Stream ciphers use two keys while block ciphers use one

B. Stream ciphers encrypt data 1 bit at a time while block ciphers encrypt data in blocks

C. Stream ciphers provide authentication while block ciphers provide confidentiality

D. Stream ciphers are part of PKI infrastructure while block ciphers are not

131 / 165

What is an important characteristic of ephemeral keys in asymmetric encryption?

A. They use a deterministic algorithm for generating public keys.

B. They have the same lifetime as the certificates.

C. They are only valid for single sessions and are discarded afterwards.

D. They are validated by a certificate authority.

132 / 165

What is the key size used in 3DES encryption?

A. 56 bits, 112 bits, or 168 bits

B. 64 bits, 128 bits, or 192 bits

C. 128 bits, 192 bits, or 256 bits

D. 64 bits, 128 bits, or 256 bits

133 / 165

What does non-repudiation in cryptography ensure?

A. It prevents a party from denying an action.

B. It assures that data is only viewable by authorized users.

C. It verifies a user’s identity.

D. It hides data within other files.

134 / 165

What is the main characteristic of symmetric encryption?

A. It uses the same key to encrypt and decrypt data

B. It uses two keys (public and private) created as a matched pair

C. It provides a level of confidentiality by hiding data within other files

D. It validates an identity

135 / 165

Which of the following is an important principle when using a stream cipher?

A. Encryption keys should be reused for efficiency

B. Stream ciphers are less efficient than block ciphers

C. Data should be divided into blocks for encryption with stream ciphers

D. Encryption keys should not be reused

136 / 165

What are the three security benefits that are provided by the Digital Signature Algorithm?

A. Authentication, Non-repudiation, Integrity

B. Confidentiality, Non-repudiation, Details verification

C. Hashing, Non-repudiation, Encryption

D. Authentication, Hashing, Integrity

137 / 165

What is the Rayburn box referred to in the text?

A. A real-world example of how public/private keys work

B. A relevant theory in cryptography

C. A metaphor created to help people understand how public/private keys work

D. A physical box named after the author of the text

138 / 165

What does key management within a PKI involve?

A. Only keeping private keys private

B. Only distributing public keys in certificates

C. Only revoking certificates when keys are compromised

D. All of the above

139 / 165

What is the main advantage of Elliptic Curve Cryptography (ECC)?

A. It takes less processing power than other cryptographic methods

B. It uses larger keys for better security

C. It is mainly used for signing emails

D. It provides less security for low power devices

140 / 165

What is the main purpose of salting passwords?

A. To create a duplicate hash from different passwords

B. To simplify the password before hashing it

C. To add complexity to the password and prevent attacks by comparing hashes to a rainbow table

D. To enable a successful Birthday attack

141 / 165

What does the label ’—–BEGIN CERTIFICATE—–’ and ’—–END CERTIFICATE—–’ in a certificate text signify?

A. The start and end of a binary code

B. The start and end of an encryption protocol

C. The opening and closing of a CER format

D. The opening and closing of the ASCII encoded certificate

142 / 165

What is the function of the public key in the ’Rayburn Box’ analogy?

A. It unlocks the box and is available publicly

B. It locks the box and is available publicly

C. It can both lock and unlock the box

D. There is no such thing as a public key in this analogy

143 / 165

What supports a use case of low latency in relation to cryptographic concepts in the SY-601 exam objectives?

A. Hashing protocols

B. Steganography

C. OCSP

D. ECC

144 / 165

Why does HTTPS combine both asymmetric and symmetric encryption in securing web traffic?

A. Asymmetric encryption is efficient but not secure enough for large amounts of data

B. Symmetric encryption can efficiently secure large amounts of data but both parties need to know the key

C. Symmetric encryption is less secure than asymmetric encryption

D. Asymmetric encryption can distribute keys securely but is not efficient for large amounts of data

145 / 165

What is the purpose of the serial number within a certificate?

A. It does not serve a specific purpose

B. It specifies the encryption method used

C. It is used by the Certificate Authority to validate the certificate

D. It identifies the owner of the certificate

146 / 165

What is the purpose of transport encryption methods?

A. To decrypt data stored on a server

B. To encrypt data in transit and ensure its confidentiality

C. To encrypt data stored on a computer

D. To decrypt data in transit and make it readable

147 / 165

What is the purpose of key exchange in asymmetric encryption?

A. To share a symmetric key

B. To encrypt data directly

C. To create matched public and private key pairs

D. To secure physical keys

148 / 165

Which of the following is NOT correct about Privacy Enhanced Mail (PEM) certificates?

A. They are commonly used for email only

B. They can be used to share public keys within a certificate

C. They can be used to install a private key on a server

D. PEM file holding just the private key typically uses the .key extension

149 / 165

Which feature does HMAC provide that other hashing algorithms like MD5 and SHA-256 do not?

A. Randomization

B. Larger hash size

C. Shared secret key

D. Cryptographic security

150 / 165

What is the primary difference in the process of obtaining an Extended Validation (EV) certificate as compared to a Domain Validation certificate?

A. EV certificates do not require any form of validation

B. EV certificates only require confirmation of domain ownership

C. EV certificates need additional steps of validation beyond domain validation

D. EV certificates do not require validation, they are self-signed

151 / 165

What is a Rayburn box used for in the context of public and private keys?

A. It is used to physically transfer keys

B. It is used as an analogy for transferring items securely over long distances using matched keys

C. It is used as a tool to create multiple copies of keys

D. It is used as software to protect keys from unauthorized duplication

152 / 165

What is a primary indicator of an online password attack, as typically seen in systems such as Windows?

A. Frequent errors in an application’s codebase

B. System overheating issues

C. System logs recording repeated attempts to guess passwords

D. Abnormal increase in network traffic

153 / 165

What is the role of the Registration Authority (RA) in the certification process?

A. It issues certificates.

B. It assists in the collection of registration information.

C. It verifies the identity of the user.

D. It creates a certificate with the public key.

154 / 165

What inhibits the longevity of the DES cryptographic algorithm?

A. It has been removed from government approval

B. It only supports key sizes of 56 bits

C. It was replaced by AES in 2002

D. Its key size cannot be doubled

155 / 165

Which of the following accurately describes the strengths of the Advanced Encryption Standard (AES)?

A. It requires multiple passes to encrypt and decrypt data

B. It is more resource intensive than other encryption algorithms

C. It provides strong encryption of data, providing a high level of confidentiality

D. It is slow and cannot effectively cipher data on small devices

156 / 165

What is the major flaw of symmetric encryption methods?

A. They are too complicated for most users to apply correctly

B. They fail if the same key used for encryption is not used for decryption

C. They cannot be used for message transmission over network

D. They are too simple and easy to crack

157 / 165

What does a different hash value in a downloaded file as compared to the original indicate?

A. The file has been modified after it was posted or it lost some bits during the download.

B. The file has been encrypted after it was posted.

C. The file was not downloaded correctly.

D. The file is corrupt and cannot be opened.

158 / 165

Which of the following is TRUE about Bcrypt?

A. It is based on the Blowfish block cipher and used to protect passwords stored in the shadow password file.

B. Its result is a 128-bit string.

C. It does not use salt during the encryption process.

D. It is selected as the best key stretching algorithm in the 2015 Password Hashing Competition.

159 / 165

Why might an organization decide against encrypting all data?

A. Encryption decreases the confidentiality of data

B. Encryption does not provide any kind of additional security

C. Encryption may increase the disk space needed by approximately 40 percent and increase processing power

D. They do not have responsibility to minimize costs

160 / 165

What is one recommended way to prevent SSL-based downgrade attacks mentioned in the text?

A. Enable weak cipher suites

B. Disable TLS

C. Disable weak cipher suites

D. Only use weak protocols

161 / 165

According to the text, which of the following statements about symmetric encryption is incorrect?

A. Symmetric encryption uses the same key to encrypt and decrypt data.

B. ROT13 uses a fixed key of 13 to encrypt and decrypt data.

C. Symmetric encryption frequently changes the keys used for encryption and decryption.

D. Symmetric encryption always uses the same key to encrypt and decrypt all data.

162 / 165

What is the role of hashing protocols in cryptographic concepts as outlined in the SY-601 exam objectives?

A. They provide high resiliency

B. They support obfuscation

C. They support low latency

D. They support integrity

163 / 165

What is meant by ’Lightweight Cryptography’ in the context of internet security?

A. Cryptography designed for powerful computers with considerable resources

B. Cryptography designed for devices such as RFID tags, sensor nodes, smart cards and IoT devices that have limited processing power

C. Universal type of cryptography deployed in all devices regardless of their processing power

D. A stronger version of traditional cryptography that uses more resources for denser encryption

164 / 165

What is the main characteristic of the ROT13 cipher?

A. It uses a 128-bit key

B. It rotates each character 13 spaces

C. It replaces plaintext with ciphertext using a variable system

D. It is an asymmetric encryption method

165 / 165

What is a common method used in Image Steganography to hide data without noticeably altering the image or the file size?

A. Changing the most significant bit of the file’s individual bytes

B. Hiding the data in the white space of a file

C. Inserting the data as a separate layer in the image file

D. Manipulating the shape and form of pixels within the image

Your score is

Dowload the FREE OFFLINE Version of this Test Bank

Boost your cybersecurity skills! Click to download the CompTIA Security+ Practice Anki deck.

Chapter 10 – Understanding Cryptography and PKI

Boost your IT skills with our free CompTIA Security+ practice test focusing on Chapter 10: Understanding Cryptography and PKI. Whether you’re entering the IT industry or advancing in cyber security, our resources are here to help you succeed in the CompTIA Exam.

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:

Covers essential concepts in cryptography and PKI crucial for the CompTIA Exam.

Career Advancement:

Passing the CompTIA Security+ exam can open doors to new job opportunities and significant career changes in the IT industry.

Vulnerability Management:

Master the art of cryptography and PKI, key skills in cyber security.

Free Anki Deck Download

Download our free Anki Deck, reviewed by industry expert Josh Madakor, who has extensive experience in IT and cyber security, including work with Microsoft and government sectors. Learn more about Anki on the official site.

Get Started with Your IT Career Change Today!

Visit the CompTIA Security+ official site and the CompTIA Network+ official site for more information.

Chapter 10 – Understanding Cryptography and PKI

Dowload the FREE OFFLINE Version of this Test Bank

Chapter 10 – Understanding Cryptography and PKI

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:

Career Advancement:

Vulnerability Management:

Free Anki Deck Download

Explore our other free practice tests:

Related Posts

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

The Affordable, Hands-On Cyber Security that gets Results!

JOIN OUR

NEWSLETTER