A technician wants to verify the authenticity of the system files of a potentially compromised
system. Which of the following can the technician use to verify if a system file was
compromised? (Select TWO).
A. AES
B. PGP
C. SHA
D. MD5
E. ECDHE
Answer: C,D
Explanation:
Hashing is used to prove the integrity of data, that is, to show that it hasn't been modified. Hashing
algorithms are used to derive a key mathematically from a message. The most common hashing
standards for cryptographic applications are the SHA and MD algorithms.
A security administrator must implement a secure key exchange protocol that will allow
company clients to autonomously exchange symmetric encryption keys over an unencrypted
channel. Which of the following MUST be implemented?
A. SHA-256
B. AES
C. Diffie-Hellman
D. 3DES - -correct ans- -
Which of the following must be kept secret for a public key infrastructure to remain secure?
A. Certificate Authority
B. Certificate revocation list
C. Public key ring
D. Private key
Answer: D
Explanation:
The private key, which is also called the secret key, must be kept secret.
Which of the following allows an organization to store a sensitive PKI component with a trusted
third party?
A. Trust model
B. Public Key Infrastructure
C. Private key
D. Key escrow
Answer: D
Explanation:
Sensitive PKI data, such as private keys, can be placed in key escrow. The key escrow data
can be kept with a trusted third party.
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in
escrow so that, under certain circumstances, an authorized third party may gain access to those
keys. These third parties may include businesses, who may want access to employees' private
communications, or governments, who may wish to be able to view the contents of encrypted
communications.
When confidentiality is the primary concern, and a secure channel for key exchange is not
available, which of the following should be used for transmitting company documents?
A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing
Answer: C
Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are
referred to as the public key and the private key. Asymmetric algorithms do not require a secure
channel for the initial exchange of secret keys between the parties.
A company is concerned that a compromised certificate may result in a man-in-the-middle
attack against backend financial servers. In order to minimize the amount of time a
compromised certificate would be accepted by other servers, the company decides to add
another validation step to SSL/TLS connections. Which of the following technologies provides
the FASTEST revocation capability?
A. Online Certificate Status Protocol (OCSP)
B. Public Key Cryptography (PKI)
C. Certificate Revocation Lists (CRL)
D. Intermediate Certificate Authority (CA)
Answer: A
Explanation:
CRL (Certificate Revocation List) was first released to allow the CA to revoke certificates;
however, due to limitations with this method, it was succeeded by OCSP. The main advantage of
OCSP is that because the client is allowed to query the status of a single certificate, instead of
having to download and parse an entire list, there is much less overhead on the client and
network.
Which of the following is a requirement when implementing PKI if data loss is
unacceptable?
A. Web of trust
B. Non-repudiation
C. Key escrow
D. Certificate revocation list
Answer: C
Explanation:
Key escrow is a database of stored keys that later can be retrieved.
Key escrow addresses the possibility that a third party may need to access keys. Under the
conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow
account (think of the term as it relates to home mortgages) and made available if that third