Back to CompTIA Security+ (CompTIA Security+)

Encryption and Key Management

Managing encryption keys securely

Encryption and Key Management focuses on the secure management of cryptographic keys, including their generation, storage, distribution, and retirement, which are essential for securing sensitive data and maintaining compliance with regulatory requirements.
5 minutes 5 Questions

Encryption and Key Management are critical aspects of cybersecurity covered in the CompTIA Security+ certification. Encryption transforms readable data (plaintext) into unreadable format (ciphertext) using mathematical algorithms and keys. This protects confidentiality of data both at rest and in …

Concepts covered: Key Exchange, Certificate Authorities, Elliptic Curve Cryptography, Block Ciphers, Digital Certificates, Key Management, Cryptographic Hardware and HSMs, Cryptographic Key Length, Stream Ciphers, Cryptographic Hash Functions, Cryptographic Protocol, Key Length and Strength

Test mode:
Start practice test
CompTIA Security+ - Encryption and Key Management Example Questions

Test your knowledge of Encryption and Key Management

Question 1

A web application needs to store user passwords securely. The developers are looking to implement a hashing function that provides strong resistance against dictionary attacks and rainbow tables. Which of the following hashing techniques should they incorporate?

Correct Answer: bcrypt with salts

bcrypt with salts provides strong resistance against dictionary attacks and rainbow tables by slowing down brute-force attacks and adding randomness to the hashed passwords. SHA-256, MD5, Whirlpool, and crc32 are simple hashing functions and do not provide the same level of resistance against attacks. scrypt is also a suitable choice, but bcrypt with salts is more popular and widely used in the context.

Question 2

A company wants to use a Hardware Security Module (HSM) to protect sensitive information. What security feature does the HSM use to defend against physical tampering?

Correct Answer: Tamper-resistant hardware components

Tamper-resistant hardware components within the HSM are designed to withstand physical attacks, preserving cryptographic keys even if the attacker gains access. Out-of-band communication, dual control, secure execution environment, and on-device firewall deal with logical security aspects. Self-destruct mechanism might destroy the HSM but does not specifically prevent tampering.

Question 3

A company decides to use a stream cipher for their wireless network communications. What must they ensure to maintain the confidentiality of the transmitted data?

Correct Answer: Never reuse the same key

Stream ciphers require that the same key is never reused to ensure data confidentiality. Changing the encryption key every second, encrypting all data twice, and using a public key for encryption are not recommended practices for stream ciphers. Transmitting data during non-peak hours does not address the key reuse issue. Advertising the use of an insecure cipher puts the system at greater risk.

More Encryption and Key Management questions
27 questions (total)
Start 27 question test