Practice Exam 5 Flashcards
(25 cards)
Which of the following answers refers to a family of cryptographic hash functions designed for various security-related applications, including digital signatures, password storage, secure communications, and data integrity verification?
Answer: SHA (Secure Hash Algorithm)
Quick Explanation:
SHA (Secure Hash Algorithm) is a family of cryptographic hash functions widely used to ensure data integrity and security in various applications.
Key Points:
Developed by NSA and standardized by NIST
Includes versions like SHA-1, SHA-2 (e.g., SHA-256, SHA-512), and SHA-3
Used in digital signatures, TLS/SSL, blockchain, password hashing, etc.
SHA-1 is deprecated, SHA-2 and SHA-3 are currently recommended
Why It Matters:
SHA ensures that even a small change in input data produces a completely different output, making it crucial for verifying data integrity and securing communications.
Which of the hash functions listed below offers the highest level of security?
Answer: SHA-3
Quick Explanation:
SHA-3 (Secure Hash Algorithm 3) is the most recent member of the SHA family, designed to provide a higher level of security than its predecessors (SHA-1 and SHA-2).
Key Points:
Uses a different internal structure (Keccak algorithm) than SHA-2
Offers strong resistance to collision and preimage attacks
Suitable for modern cryptographic applications
Available in multiple output sizes (e.g., SHA3-256, SHA3-512)
Why It Matters:
SHA-3 is not vulnerable to the same theoretical attacks as SHA-2 and is considered the most future-proof option for hash-based security.
Which of the following combines a cryptographic hash function with a secret key to provide a means of verifying both the authenticity and integrity of a message or data?
Answer: HMAC (Hash-Based Message Authentication Code)
Quick Explanation:
HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function (like SHA-256) with a secret key to create a secure message authentication code.
Key Points:
Verifies data integrity (data hasn’t changed)
Verifies authenticity (data came from a trusted source)
Used in protocols like TLS, IPsec, and HTTPS
Why It Matters:
HMACs are widely used in secure communications to ensure that data is both authentic and tamper-proof.
Which of the answers listed below refers to a non-cryptographic hash function often used for error-checking purposes?
Answer: CRC (Cyclic Redundancy Check)
Quick Explanation:
CRC (Cyclic Redundancy Check) is a non-cryptographic hash function primarily used for error detection in data transmission and storage.
Key Points:
Detects accidental changes to raw data
Common in networking and file systems
Not secure for cryptographic use (easily predictable)
Use Case Example:
Used in technologies like Ethernet, ZIP files, and RAID systems to verify that data hasn’t been accidentally corrupted.
Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks?
Answer: Salt
Important Information
Salt = Random data added to a password before hashing.
Unique per user = Each user’s password gets a different salt.
Stored with the hash = Salt is not secret, but it prevents reuse of precomputed attacks.
Prevents:
Brute-force attacks (slows down guesses)
Dictionary attacks (prevents known-word matching)
Rainbow table attacks (makes precomputed tables useless)
Quick Explanation
A salt is random data that’s added to a password before it’s hashed. If two users have the same password, the salt ensures their hashes are different. This means attackers can’t use precomputed hash databases (like rainbow tables) to crack passwords quickly.
Why It Matters
Without salt, passwords are easy to reverse if the hash algorithm is known. Salting adds randomness and uniqueness, significantly increasing the difficulty and time required for attackers to crack passwords. It’s a core best practice in secure password storage — and a concept often tested on Security+.
A pseudo-random data added to a password before hashing is referred to as:
Answer: Salt
Important Information
Salt = Pseudo-random data added to passwords before hashing.
Ensures that identical passwords produce different hashes.
Commonly used in secure password storage systems.
Defeats:
Rainbow table attacks
Dictionary attacks
Brute-force attacks (slows down each attempt)
Quick Explanation
A salt is randomly generated (often pseudo-random) data combined with a password before it’s hashed. This makes each hash unique, even if the same password is used by multiple people. It’s a critical defense layer in modern authentication systems.
Why It Matters
If passwords aren’t salted, attackers can use one rainbow table or dictionary list to crack multiple accounts. Salting makes mass cracking impractical by forcing attackers to start from scratch for every user.
Which cryptographic technique is used to prevent the effectiveness of rainbow tables in cracking hashed passwords?
Answer: Salting
Important Information
Salting = Adding unique, random data to passwords before hashing.
Makes each hash unique, even if passwords are the same.
Rainbow tables rely on precomputed hashes of common passwords.
Salting invalidates rainbow tables by changing the input for each password.
Quick Explanation
Rainbow tables are large lists of precomputed hashes for common passwords. When you salt a password before hashing it, the output becomes unique every time—even for the same password. This renders rainbow tables useless, since attackers can’t predict the salt.
Why It Matters
Salting is a cheap and effective defense that makes mass password cracking using rainbow tables infeasible. It’s a fundamental concept in cybersecurity, and you’ll absolutely see it on the Security+ exam and in real-world systems.
Which of the answers listed below refers to a cryptographic technique that verifies the authenticity and integrity of digital documents or messages by using a unique encrypted identifier from the sender?
Answer: Digital Signature
Important Information
Digital Signature = Cryptographic technique used to:
Verify authenticity (confirms sender identity)
Verify integrity (ensures message/document not altered)
Uses sender’s private key to create a unique encrypted identifier.
Recipient uses sender’s public key to verify signature.
Ensures non-repudiation (sender cannot deny sending).
Quick Explanation
A digital signature is like a secure electronic fingerprint attached to a message or document. It’s created by encrypting a hash of the data with the sender’s private key. The recipient can decrypt it with the sender’s public key to confirm the message is genuine and unchanged.
Why It Matters
Digital signatures ensure trust in communications and transactions by confirming who sent the data and that it hasn’t been tampered with. This is crucial in legal, financial, and secure communication contexts—and a key topic for the Security+ exam.
Which of the following answers refer to algorithms used for generating and verifying digital signatures? (Select 3 answers)
Answer: ECDSA, RSA, and DSA.
Important Information
ECDSA (Elliptic Curve Digital Signature Algorithm)
RSA (Rivest–Shamir–Adleman)
DSA (Digital Signature Algorithm)
All are asymmetric cryptographic algorithms used to:
Generate digital signatures
Verify digital signatures
Provide authentication, integrity, and non-repudiation.
Quick Explanation
These three algorithms create and verify digital signatures by using public/private key pairs. The private key signs the data; the public key verifies it. Each has different mathematical bases (elliptic curves for ECDSA, prime factorization for RSA, discrete logs for DSA) but serve the same purpose.
Why It Matters
Understanding these algorithms helps you grasp how digital signatures secure data and verify identity. They’re fundamental to secure communications, certificates, and many protocols—key for Security+ and real-world cybersecurity.
Which of the answers listed below refer to DSA? (Select 3 answers)
Answer: Asymmetric algorithm, Provides authentication, integrity, and non-repudiation, and Specifically designed for creating and verifying digital signatures.
Important Information
DSA (Digital Signature Algorithm) is an asymmetric cryptographic algorithm.
Designed specifically for creating and verifying digital signatures.
Provides:
Authentication (verifies sender’s identity)
Integrity (ensures data hasn’t changed)
Non-repudiation (sender can’t deny sending)
Quick Explanation
DSA uses a pair of keys—private to sign, public to verify—to secure digital signatures. Unlike general encryption algorithms, DSA is focused solely on digital signatures, ensuring data authenticity and integrity.
Why It Matters
DSA is a standard algorithm used in many secure systems to guarantee the authenticity and integrity of digital documents or messages. Knowing its purpose and features is essential for Security+ certification and practical cybersecurity.
Which of the following answers refer to the characteristic features of RSA? (Select 3 answers)
Answer: Asymmetric encryption algorithm, A public key used for encryption and a private key used for decryption, and Used for secure communications, digital signatures, and key exchange.
Important Information
RSA is an asymmetric encryption algorithm.
Uses a public key for encryption and a private key for decryption.
Commonly used for:
Secure communications (encrypting data)
Digital signatures (signing and verifying)
Key exchange (securely sharing symmetric keys)
Quick Explanation
RSA relies on the difficulty of factoring large prime numbers. The public key encrypts data or verifies signatures, while the private key decrypts data or creates signatures. This makes it versatile for confidentiality and authentication.
Why It Matters
RSA is one of the most widely used cryptographic algorithms, foundational for secure internet communication, including SSL/TLS and digital certificates. Understanding RSA’s roles is critical for Security+ and practical security.
Which of the answers listed below describe(s) the characteristics of ECDSA? (Select all that apply)
Answer: Provides authentication, integrity, and non-repudiation, Based on elliptic curve cryptography, Specifically designed for creating and verifying digital signatures, and more computationally efficient than other signature algorithms.
Important Information
ECDSA (Elliptic Curve Digital Signature Algorithm) is based on elliptic curve cryptography (ECC).
Provides:
Authentication
Integrity
Non-repudiation
Specifically designed for creating and verifying digital signatures.
More computationally efficient (smaller keys, faster calculations) than RSA and DSA.
Quick Explanation
ECDSA uses elliptic curves to create smaller, faster digital signatures that provide the same security level as other algorithms but with less resource use. This makes it popular in environments where efficiency matters, like mobile devices.
Why It Matters
ECDSA’s efficiency and strong security make it widely used in modern secure protocols (e.g., TLS, Bitcoin). Understanding its features helps you appreciate advances in cryptography important for Security+ and real-world security.
Given the computational limitations of IoT devices, smartcards, and mobile devices, which of the following digital signature algorithms would be the most efficient choice due to its smaller key size and lower processing requirements?
Answer: ECDSA (Elliptic Curve Digital Signature Algorithm)
Important Information
ECDSA = Most efficient digital signature algorithm for devices with limited resources.
Uses smaller key sizes compared to RSA or DSA for equivalent security.
Requires less processing power and memory.
Ideal for IoT devices, smartcards, and mobile devices.
Quick Explanation
ECDSA leverages elliptic curve cryptography, which achieves strong security with much smaller keys. This reduces computational load, making it perfect for devices with limited CPU and battery capacity.
Why It Matters
Choosing the right algorithm for constrained devices ensures secure operations without draining resources. ECDSA’s efficiency is critical in modern cybersecurity, especially with the rise of IoT and mobile tech—something you’ll definitely see on the Security+ exam.
Key stretching is a cryptographic technique that enhances the security of sensitive data, such as cryptographic keys and passwords. It works by repeatedly applying a resource-intensive function or algorithm to the input data, thus increasing the computational effort required to derive the original key or password, which makes the data more resistant to brute-force, dictionary, or rainbow table attacks.
Answer: True
Important Information
Key stretching = technique to strengthen weak keys or passwords.
Involves applying a resource-intensive function repeatedly (e.g., thousands of iterations).
Increases the time and computational power needed for brute-force, dictionary, and rainbow table attacks.
Common algorithms: PBKDF2, bcrypt, scrypt, Argon2.
Quick Explanation
Key stretching takes a password or key and repeatedly processes it with a slow, complex function. This makes cracking attacks much slower because attackers must spend more resources on each guess.
Why It Matters
Key stretching protects weak or common passwords by making brute-force and similar attacks computationally expensive. It’s a fundamental defense in password security, widely tested on the Security+ exam.
Which of the following is an example of a key stretching algorithm?
Answer: PBKDF2 (Password-Based Key Derivation Function 2)
Important Information
PBKDF2 (Password-Based Key Derivation Function 2) is a widely used key stretching algorithm.
Applies a hashing function multiple times (configurable iterations) to increase processing time.
Enhances security of stored passwords by making brute-force and dictionary attacks slower.
Often combined with a salt for additional protection.
Quick Explanation
PBKDF2 repeatedly hashes a password with a salt, making it computationally expensive to crack. This slows down attackers trying to guess passwords, improving security.
Why It Matters
PBKDF2 is a standard, well-tested method for strengthening password storage. It’s a key concept on the Security+ exam and a best practice in real-world cybersecurity.
The term “Open public ledger” is used to describe a distributed database stored across multiple computers in a P2P network.
Answer: True
Important Information
Open Public Ledger = a distributed database stored on multiple computers (nodes) in a peer-to-peer (P2P) network.
All participants can view and verify the ledger’s contents.
Commonly associated with blockchain technology.
Ensures transparency, immutability, and decentralization.
Quick Explanation
An open public ledger is a shared record (like a blockchain) maintained by many computers around the world. Everyone in the network has a copy, so it’s transparent and hard to tamper with.
Why It Matters
Understanding open public ledgers is key for grasping blockchain and cryptocurrency security concepts—important topics on the Security+ exam and in modern security environments.
Blockchain technology is an example of:
Answer: Open Public Ledger
Important Information
Blockchain is an example of an open public ledger.
Data is stored in blocks linked together in a chain.
Maintained by a decentralized P2P network.
Ensures transparency, immutability, and trust without a central authority.
Quick Explanation
Blockchain records transactions across many computers, making it nearly impossible to alter data without detection. This decentralized system allows multiple parties to trust the data without needing a middleman.
Why It Matters
Blockchain is foundational for cryptocurrencies and secure, transparent record-keeping. Knowing its role as an open public ledger helps with Security+ topics on emerging technologies and decentralized security.
Which of the answers listed below refers to a set of standards and specifications that define various cryptographic techniques, including formats for public keys, private keys, digital signatures, and digital certificates?
Answer: PKCS (Public Key Cryptography Standards)
Important Information
PKCS (Public-Key Cryptography Standards) = a set of standards and specifications.
Defines:
Formats for public keys and private keys.
Standards for digital signatures.
Formats for digital certificates.
Developed by RSA Laboratories to promote interoperability.
Quick Explanation
PKCS is a collection of standards that guide how cryptographic keys and signatures are formatted and used. This ensures different systems and software can securely work together.
Why It Matters
PKCS standards are widely implemented in security protocols and tools, making them fundamental knowledge for Security+ and real-world cryptography management.
Which of the following defines a file format for storing and exchanging personal identity information, including private keys and digital certificates?
Answer: P12
Important Information
P12 (PKCS #12) = a file format for securely storing and exchanging:
Private keys
Digital certificates
Personal identity information
Supports password protection and encryption to safeguard contents.
Commonly used for importing/exporting certificates between systems.
Quick Explanation
P12 files bundle a private key and its associated certificate(s) into a single, encrypted package. This makes it easy and secure to transport identity credentials.
Why It Matters
Understanding P12 files is important for managing certificates and keys, especially when configuring secure communications like SSL/TLS. It’s a key topic for Security+ and practical security operations.
A type of digital document that verifies the identity of an individual, device, service, or organization in online communications is known as:
Answer: Digital Certificate
Important Information
Digital Certificate = a digital document that verifies identity.
Used for individuals, devices, services, or organizations.
Issued by a Certificate Authority (CA).
Contains:
Public key
Identity information
Digital signature of the CA
Enables secure, trusted online communications.
Quick Explanation
A digital certificate works like an electronic passport—it confirms that a public key belongs to a trusted entity. This helps users and systems trust each other during online interactions.
Why It Matters
Digital certificates are foundational for SSL/TLS, VPNs, and other secure communication methods. They help prevent impersonation and man-in-the-middle attacks, making them essential knowledge for Security+.
What is the role of Registration Authority (RA) in PKI? (Select 2 answers)
Answer: Accepting requests for digital certificates and Authenticating the entity making the request.
Important Information
RA accepts requests for digital certificates from users or entities.
Authenticates the identity of the requester before certificate issuance.
Acts as a gatekeeper before passing validated requests to the Certificate Authority (CA).
Does not issue certificates itself (that’s the CA’s job).
Quick Explanation
The RA verifies who is asking for a certificate and confirms their identity. Once validated, it forwards the request to the CA, which then issues the actual digital certificate.
Why It Matters
Understanding the RA’s role clarifies how PKI ensures trust and security during certificate issuance. This is key for Security+ topics on cryptographic infrastructure and identity management.
Which of the answers listed below refers to a trusted third party responsible for issuing, revoking, and managing digital certificates?
Answer: CA (Certificate Authority)
Important Information
CA (Certificate Authority) = trusted third party in PKI.
Responsible for:
Issuing digital certificates.
Revoking certificates when compromised or expired.
Managing the lifecycle of certificates.
Ensures certificates are valid and trustworthy.
Works closely with the Registration Authority (RA).
Quick Explanation
The CA is like a digital notary—it confirms identities and issues certificates that prove those identities in secure communications.
Why It Matters
The CA’s role is fundamental to establishing trust on the internet, enabling secure SSL/TLS connections, VPNs, and more. Knowing this is essential for Security+ and cybersecurity in general.
Which of the following answers refers to a means for periodic publication of all digital certificates that have been revoked?
Answer: CRL (Certificate Revocation List)
Important Information
CRL (Certificate Revocation List) = a periodic list published by a Certificate Authority (CA).
Contains all revoked digital certificates before their expiration.
Allows systems to check the revocation status of certificates.
Helps prevent trusting certificates that are compromised or invalid.
Quick Explanation
CRL is like a blacklist of certificates that should no longer be trusted. Systems consult this list to ensure they don’t accept revoked or compromised certificates.
Why It Matters
CRLs are crucial for maintaining secure communications by preventing the use of invalid certificates. This helps protect against attacks involving stolen or expired credentials—an important concept for Security+.
Which of the answers listed below refers to a protocol that enables on-demand querying of the revocation status of a digital certificate?
Answer: OCSP (Online Certificate Status Protocol
Important Information
OCSP = protocol for real-time, on-demand checking of a certificate’s revocation status.
Allows clients to query the status of a specific certificate without downloading a full CRL.
Provides faster and more efficient certificate validation.
Used in web browsers, VPNs, and other secure communications.
Quick Explanation
Instead of downloading a big list (CRL), OCSP lets systems ask the CA directly, “Is this certificate still valid?” and get an immediate answer.
Why It Matters
OCSP improves security and efficiency by ensuring certificates are still trustworthy right when they’re used. This real-time check is critical in modern PKI environments and tested on the Security+ exam.
