Flashcards

Encryption and Key Management

Managing encryption keys securely

5 minutes 5 Questions

Encryption and Key Management are critical aspects of cybersecurity covered in the CompTIA Security+ certification. Encryption transforms readable data (plaintext) into unreadable format (ciphertext) using mathematical algorithms and keys. This protects confidentiality of data both at rest and in …

Concepts covered

Key Exchange Certificate Authorities Elliptic Curve Cryptography Block Ciphers Digital Certificates Key Management Cryptographic Hardware and HSMs Cryptographic Key Length Stream Ciphers Cryptographic Hash Functions Cryptographic Protocol Key Length and Strength

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CompTIA Security+ - Encryption and Key Management Example Questions

Test your knowledge of Encryption and Key Management

Question 1

A web application needs to store user passwords securely. The developers are looking to implement a hashing function that provides strong resistance against dictionary attacks and rainbow tables. Which of the following hashing techniques should they incorporate?

MD5 Whirlpool SHA-256 bcrypt with salts

Correct Answer: bcrypt with salts

bcrypt with salts provides strong resistance against dictionary attacks and rainbow tables by slowing down brute-force attacks and adding randomness to the hashed passwords. SHA-256, MD5, Whirlpool, and crc32 are simple hashing functions and do not provide the same level of resistance against attacks. scrypt is also a suitable choice, but bcrypt with salts is more popular and widely used in the context.

Question 2

A company wants to use a Hardware Security Module (HSM) to protect sensitive information. What security feature does the HSM use to defend against physical tampering?

Out-of-band communication Secure execution environment Dual control Tamper-resistant hardware components

Correct Answer: Tamper-resistant hardware components

Tamper-resistant hardware components within the HSM are designed to withstand physical attacks, preserving cryptographic keys even if the attacker gains access. Out-of-band communication, dual control, secure execution environment, and on-device firewall deal with logical security aspects. Self-destruct mechanism might destroy the HSM but does not specifically prevent tampering.

Question 3

A company decides to use a stream cipher for their wireless network communications. What must they ensure to maintain the confidentiality of the transmitted data?

Change encryption key every second Never reuse the same key Use the public key for encryption Encrypt all data twice

Correct Answer: Never reuse the same key

Stream ciphers require that the same key is never reused to ensure data confidentiality. Changing the encryption key every second, encrypting all data twice, and using a public key for encryption are not recommended practices for stream ciphers. Transmitting data during non-peak hours does not address the key reuse issue. Advertising the use of an insecure cipher puts the system at greater risk.

Unlock Premium Access

CompTIA Security+

Access to ALL Certifications: Study for any certification on our platform with one subscription
1241 Superior-grade CompTIA Security+ practice questions
Unlimited practice tests across all certifications
Detailed explanations for every question
CompTIA Security+: 5 full exams plus all other certification exams
100% Satisfaction Guaranteed: Full refund if unsatisfied
Risk-Free: 7-day free trial with all premium features!

More Encryption and Key Management questions

27 questions (total)

Start 27 question test