401 SEC+ Exam Guaranteed Pass: Expert Questions from World-Leading Universities & Certified Global Sources
When confidentiality is the primary concern, and a secure channel for key exchange is not
available, which of the following should be used for transmitting company documents?
A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing - -correct ans- -Answer: C
Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys
are referred to as the public key and the private key. Asymmetric algorithms do not require
a secure channel for the initial exchange of secret keys between the parties.
A company is concerned that a compromised certificate may result in a man-in-the-middle
attack against backend financial servers. In order to minimize the amount of time a
compromised certificate would be accepted by other servers, the company decides to add
another validation step to SSL/TLS connections. Which of the following technologies
provides the FASTEST revocation capability?
A. Online Certificate Status Protocol (OCSP)
B. Public Key Cryptography (PKI)
C. Certificate Revocation Lists (CRL)
D. Intermediate Certificate Authority (CA) - -correct ans- -Answer: A
Explanation:
CRL (Certificate Revocation List) was first released to allow the CA to revoke certificates;
however, due to limitations with this method it was succeeded by OCSP. The main
advantage of OCSP is that because the client is allowed to query the status of a single
certificate, instead of having to download and parse an entire list, there is much less
overhead on the client and network.
A technician wants to verify the authenticity of the system files of a potentially
compromised system. Which of the following can the technician use to verify if a system
file was compromised? (Select TWO).
A. AES
B. PGP
C. SHA
D. MD5
E. ECDHE - -correct ans- -Answer: C,D
Explanation:
Hashing is used to prove the integrity of data, that is, to prove that it hasn't been modified. Hashing
algorithms are used to derive a key mathematically from a message. The most common
hashing standards for cryptographic applications are the SHA and MD algorithms.
A security administrator must implement a secure key exchange protocol that will allow
company clients to autonomously exchange symmetric encryption keys over an
unencrypted channel. Which of the following MUST be implemented?
A. SHA-256
B. AES
C. Diffie-Hellman
D. 3DES - -correct ans- -
Which of the following must be kept secret for a public key infrastructure to remain secure?
A. Certificate Authority
B. Certificate revocation list
C. Public key ring
D. Private key - -correct ans- -Answer: D
Explanation:
The private key, which is also called the secret key, must be kept secret.
Which of the following allows an organization to store a sensitive PKI component with a
trusted third party?
A. Trust model
B. Public Key Infrastructure
C. Private key
D. Key escrow - -correct ans- -Answer: D
Explanation:
Sensitive PKI data, such as private keys, can be placed in key escrow. The escrowed
key data can be kept with a trusted third party.
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held
in escrow so that, under certain circumstances, an authorized third party may gain access
to those keys. These third parties may include businesses, who may want access to
employees' private communications, or governments, who may wish to be able to view the
contents of encrypted communications.
Which of the following is a requirement when implementing PKI if data loss is
unacceptable?
A. Web of trust
B. Non-repudiation
C. Key escrow