Chapter 6: Cryptography and PKI
If a threat actor obtains an SSL private key, what type of attack can be performed? (Choose two.) A. Eavesdropping B. Man-in-the-middle C. Social engineering D. Brute force
A and B. A threat actor can perform eavesdropping and man-in-the-middle attacks. Eavesdropping with a private key can allow the threat actor to see data in clear text. A man-in-the-middle attack can allow the threat actor to modify the data being transmitted to the server, such as adding malware to the data.
Which of the following are negotiation protocols commonly used by TLS? (Choose two.) A. DHE B. ECDHE C. RSA D. SHA
A and B. DHE (Diffie-Hellman Ephemeral) and ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) are commonly used with TLS to provide perfect forward secrecy.
Which of the following benefits do digital signatures provide? (Choose two.) A. Nonrepudiation B. Authentication C. Encryption D. Key exchange
A and B. Digital signatures provide three core benefits: authentication, integrity, and nonrepudiation.
Which of the following hardware devices can store keys? (Choose two.) A. USB flash drive B. Smartcard C. PCI expansion card D. Cipher lock
A and B. USB flash drives and smartcards can carry a token and store keys for authentication to systems. They are often used in a multifactor authentication situation.
Which of the following are the filename extensions for PKCS #12 files? (Choose two.) A. .p12 B. .KEY C. .pfx D. .p7b
A and C. .p12 and .pfx are filename extensions for PKCS #12 files.
James, a WLAN security engineer, recommends to management that WPA-Personal security should not be deployed within the company's WLAN for their vendors. Which of the following statements best describe James's recommendation? (Choose two.) A. Static preshared passphrases are susceptible to social engineering attacks. B. WPA-Personal uses public key encryption. C. WPA-Personal uses a weak TKIP encryption. D. WPA-Personal uses a RADIUS authentication server.
A and C. Preshared passphrases can be obtained by a threat actor through social engineering and then used to connect to the AP. WPA-Personal uses TKIP encryption, which is considered a weak option.
Which of the following items are found within a digital certificate? (Choose two.) A. Serial number B. Default gateway C. Public key D. Session key
A and C. The structure of an X.509 digital certificate includes a serial number and the public key of the user or device.
Which of the following are restricted to 64-bit block sizes? (Choose two.) A. DES B. SHA C. MD5 D. 3DES
A and D. DES and 3DES are symmetric-key block ciphers using a 64-bit block size.
Elliptic curve cryptosystem (ECC) is an asymmetric algorithm. Which of the following statements best describe why ECC is different from other asymmetric algorithms? (Choose two.) A. It is more efficient. B. It provides digital signatures, secure key distribution, and encryption. C. It uses more processing power to perform encryption. D. It provides fast key generation.
A and D. Elliptic curve cryptosystem (ECC) differs from other asymmetric algorithms due to its efficiency. ECC uses less processing power and works best in low-power devices such as wireless devices and cellular phones. ECC generates keys faster than other asymmetric algorithms.
Which of the following security setup modes are intended for use in a small office or home office environment? (Choose two.) A. WPS B. WPA-Enterprise C. WPA2-Enterprise D. WPA2-Personal
A and D. Most small office, home office (SOHO) networks use WPS and WPA2-Personal. WPS is a network security standard that allows home users to easily add new devices to an existing wireless network without entering long passphrases. WPA2-Personal uses a passphrase that is entered into the SOHO router.
In an 802.1x implementation, which of the following devices mutually authenticate with each other? (Choose two.) A. Authentication server B. Certificate authority C. Domain controller D. Supplicant
A and D. The authentication server and supplicant mutually authenticate with each other. This helps prevent rogue devices from connecting to the network.
Which of the following are effective key sizes, in bits, of 3DES? (Choose three.) A. 56 B. 112 C. 128 D. 168
A, B, and D. 3DES is a symmetric key block cipher that applies the DES cipher algorithm three times to each data block. 3DES has three keying options. First, all three keys are independent, so 3 × 56 = 168-bit key length. Second, key 1 and key 2 are independent and the third key is the same as the first key, so 2 × 56 = 112-bit key length. Third, all three keys are identical, so 1 × 56 = 56-bit key length.
Your security manager is looking to implement a one-time pad scheme for the company's salespeople to use when traveling. Which of the following best describes a requirement for this implementation? (Choose three.) A. The pad must be distributed securely and protected at its destination. B. The pad must always be the same length. C. The pad must be used only one time. D. The pad must be made up of truly random values.
A, C, and D. A one-time pad must be delivered by a secure method and properly guarded at each destination. The pad must be used one time only to avoid introducing patterns, and it must be made up of truly random values. Today's computer systems have pseudo-random-number generators, which are seeded by an initial value from some component within the computer system.
Which of the following types of device are found in a network that supports Wi-Fi Protected Setup (WPS) protocol? (Choose three.) A. Registrar B. Supplicant C. Enrollee D. Access Point
A, C, and D. The Wi-Fi Protected Setup protocol defines the following devices in a network. A registrar is the device with the authority to issue or revoke access to the network. The enrollee is a client device that is seeking to join the wireless network. The AP (access point) functions as a proxy between the registrar and the enrollee.
Which of the following provides additional encryption strength by repeating the encryption process with additional keys? A. 3DES B. AES C. Twofish D. Blowfish
A. 3DES is a symmetric algorithm used to encrypt data by applying the DES cipher algorithm three times to the data.
Which of the following transpires in a PKI environment? A. The CA signs the certificate. B. The RA signs the certificate. C. The RA creates the certificate and the CA signs it. D. The CA creates the certificate and the RA signs it.
A. A CA (certificate authority) is a trusted entity that creates and digitally signs certificates so the receiver can verify the certificate came from that specific CA.
Which of the following digital certificate management practices will ensure that a lost certificate is not compromised? A. CRL B. Key escrow C. Nonrepudiation D. Recovery agent
A. A CRL (certificate revocation list) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should not be trusted.
You are a security technician and have been given the task to implement a PKI on the company's network. When verifying the validity of a certificate, you want to ensure bandwidth isn't consumed. Which of the following can you implement? A. CRL B. OCSP C. Key escrow D. CA
A. A CRL (certificate revocation list) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should not be trusted.
Zack, an administrator, needs to renew a certificate for the company's web server. Which of the following would you recommend Zack submit to the CA? A. CSR B. Key escrow C. CRL D. OCSP
A. A CSR (certificate signing request) is a request an applicant sends to a CA for the purpose of applying for a digital identity certificate.
Which of the following would a public key be used for? A. To decrypt a hash of a digital signature B. To encrypt TLS traffic C. To digitally sign messages D. To decrypt TLS messages
A. A digital signature is a one-way hash encrypted with the private key. The public key is used to decrypt the hash and validate the integrity of the digital signature. Digital signatures support nonrepudiation, where the sender cannot refute sending the message.
Which of the following works similarly to stream ciphers? A. One-time pad B. RSA C. AES D. DES
A. A stream cipher encrypts one plain text digit at a time with the corresponding digit of the keystream. Stream ciphers provide the same type of protection as one-time pads do.
Which of the following algorithms is typically used to encrypt data-at-rest? A. Symmetric B. Asymmetric C. Stream D. Hashing
A. A symmetric algorithm, sometimes called a secret key algorithm, uses the same key to encrypt and decrypt data and is typically used to encrypt data-at-rest.
You are performing a vulnerability assessment on a company's LAN and determine they are using 802.1x for secure access. Which of the following attacks can a threat actor use to bypass the network security? A. MAC spoofing B. ARP poisoning C. Ping of death D. Xmas attack
A. A threat actor can spoof a device's MAC address and bypass 802.1x authentication. Using 802.1x with client certificates or tunneled authentication can help prevent this attack.
Which of the following automatically updates browsers with a list of root certificates from an online source to track which certificates are to be trusted? A. Trust model B. Key escrow C. PKI D. RA
A. A trust model is a collection of rules that informs applications as to how to decide the validity of a digital certificate.
The CIO has instructed you to set up a system where credit card data will be encrypted with the most secure symmetric algorithm with the least amount of CPU usage. Which of the following algorithms would you choose? A. AES B. SHA-1 C. MD5 D. 3DES
A. AES (Advanced Encryption Standard) is a symmetric algorithm that encrypts data with the least amount of CPU usage.
AES is an algorithm used for which of the following? A. Encrypting a large amount of data B. Encrypting a small amount of data C. Key recovery D. Key revocation
A. AES (Advanced Encryption Standard) is a symmetric algorithm used to encrypt large amounts of data (bulk).
Which of the following is a symmetric encryption algorithm that is available in 128-bit, 192-bit, and 256-bit key versions? A. AES B. DES C. RSA D. TKIP
A. AES is a symmetric encryption algorithm that supports key sizes of 128, 192, and 256 bits.
Which of the following is an encryption standard that uses a single 56-bit symmetric key? A. DES B. 3DES C. AES D. WPS
A. DES is a symmetric encryption standard that uses a key length of 56 bits.
Which of the following is used to exchange cryptographic keys? A. Diffie-Hellman B. HMAC C. ROT13 D. RC4
A. Diffie-Hellman is used to establish a shared secret between two users and is primarily used as a method of exchanging cryptographic keys.
Your company is looking to accept electronic orders from a vendor and wants to ensure nonauthorized people cannot send orders. Your manager wants a solution that provides nonrepudiation. Which of the following options would meet the requirements? A. Digital signatures B. Hashes C. Steganography D. Perfect forward secrecy
A. Digital signatures are created by using the user's or computer's private key that is accessible only to that user or computer. Nonrepudiation is the assurance that someone cannot deny something.
Katelyn is sending an important email to Zackary, the manager of human resources. Company policy states messages to human resources must be digitally signed. Which of the following statements is correct? A. Katelyn's public key is used to verify the digital signature. B. Katelyn's private key is used to verify the digital signature. C. Zackary's public key is used to verify the digital signature. D. Zackary's private key is used to verify the digital signature.
A. Digital signatures are created with the sender's private key and verified by the sender's public key.
Which of the following EAP types use a three-phase operation? A. EAP-FAST B. EAP-TLS C. EAP-TTLS D. PEAP
A. EAP-FAST is for situations where strong password policy cannot be enforced and certificates are not used. EAP-FAST consists of three phases: EAP-FAST authentication, establishment of a secure tunnel, and client authentication.
Matt, a network administrator, is deciding which credential-type authentication to use within the company's planned 802.1x deployment. He is searching for a method that requires a client certificate and a server-side certificate, and that uses tunnels for encryption. Which credential-type authentication method would Matt use? A. EAP-TLS B. EAP-FAST C. PEAP D. EAP
A. EAP-TLS is a remote access authentication protocol that supports the use of smartcards or user and computer certificates, also known as machine certificates, to authenticate wireless access clients. EAP-TLS can use tunnels for encryption by use of TLS.
Which of the following EAP types uses the concepts of public key infrastructure (PKI)? A. EAP-TLS B. PEAP C. EAP-FAST D. EAP-TTLS
A. EAP-TLS uses the concepts of public key infrastructure (PKI). It eliminates the need for a shared secret between the client and the server. Digital certificates are used instead.
Your company's branch offices connect to the main office through a VPN. You recently discovered the key used on the VPN has been compromised. What should you do to ensure the key isn't compromised in the future? A. Enable perfect forward secrecy at the main office and branch office ends of the VPN. B. Enable perfect forward secrecy at the main office end of the VPN. C. Enable perfect forward secrecy at the branch office end of the VPN. D. Disable perfect forward secrecy at the main office and branch office ends of the VPN.
A. Enable perfect forward secrecy (PFS) at the main office and branch office ends of the VPN. Perfect forward secrecy is a way to ensure the safety of session keys from future abuse by threat actors.
A security manager has asked you to explain why encryption is important and what symmetric encryption offers. Which of the following is the best explanation? A. Confidentiality B. Nonrepudiation C. Steganography D. Collision
A. Encryption provides confidentiality because the data is scrambled and cannot be read by an unauthorized user. Symmetric encryption uses one key to encrypt and decrypt data, and using a single key is considered fast.
You have been instructed by the security manager to protect the server's data-at-rest. Which of the following would provide the strongest protection? A. Implement a full-disk encryption system. B. Implement biometric controls on data entry points. C. Implement a host-based intrusion detection system. D. Implement a host-based intrusion prevention system.
A. Full-disk encryption on data-at-rest will help protect the inactive data should the storage device be stolen. The thief would not be able to read the data.
In asymmetric encryption, what is used to decrypt an encrypted file? A. Private key B. Public key C. Message digest D. Ciphertext
A. In asymmetric encryption, sometimes referred to as public key encryption, the private key is used to decrypt an encrypted file.
James, an IT manager, expresses a concern during a monthly meeting about weak user passwords used on company servers and how they may be susceptible to brute-force password attacks. Which concept can James implement to make the weak passwords stronger? A. Key stretching B. Key escrow C. Key strength D. ECC
A. Key stretching increases the strength of stored passwords and protects passwords from brute-force attacks and rainbow table attacks.
Which of the following is the least secure hashing algorithm? A. MD5 B. RIPEMD C. SHA-1 D. AES
A. MD5 produces a 128-bit message digest regardless of the length of the input text. Option B is incorrect. RIPEMD produces a 128-, 160-, 256-, and 320-bit message digest. RIPEMD was not often seen in practical implementations. Option C is incorrect. SHA-1 produces a 160-bit message digest regardless of the length of the input text. Option D is incorrect. AES (Advanced Encryption Standard) is a symmetric algorithm used for encryption and not considered a hashing algorithm.
PEAP protects authentication transfers by implementing which of the following? A. TLS tunnels B. SSL tunnels C. AES D. SHA hashes
A. PEAP is a protocol that encapsulates the EAP within a TLS tunnel.
You are the network administrator for a small office of 35 users and need to utilize mail encryption that will allow specific users to encrypt outgoing email messages. You are looking for an inexpensive onsite encryption server. Which of the following would you implement? A. PGP/GPG B. WPA2 C. CRL D. EAP-TLS
A. PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard) provides a low-cost or open source alternative solution that allows users to encrypt their outgoing emails.
Which of the following is a form of encryption also known as ROT13? A. Substitution cipher B. Transposition cipher C. Diffusion D. Confusion
A. ROT13 is a substitution cipher that replaces a letter with the 13th letter after it in the alphabet.
Your IT support center is receiving a high number of calls stating that users trying to access the company's website are receiving certificate errors within their browsers. Which of the following statements best describes what the issue is? A. The website certificate has expired. B. Users have forgotten their usernames or passwords. C. The domain name has expired. D. The network is currently unavailable.
A. Users are receiving the error because the website certificate has expired. The user can continue accessing the website, but the error will state the user could be accessing an untrusted site.
You are asked to create a wireless network for your company that implements a wireless protocol that provides maximum security while providing support for older wireless devices. Which protocol should you use? A. WPA B. WPA2 C. WEP D. IV
A. WPA (Wi-Fi Protected Access) is a security standard that replaced and improved on WEP and is designed to work with older wireless clients.
When setting up a secure wireless company network, which of the following should you avoid? A. WPA B. WPA2 C. EAP-TLS D. PEAP
A. WPA (Wi-Fi Protected Access) is a security standard that replaced and improved on WEP. WPA is less secure than WPA2.
Tim, a wireless administrator, has been tasked with securing the company's WLAN. Which of the following cryptographic protocols would Tim use to provide the most secure environment for the company? A. WPA2 CCMP B. WEP C. WPA D. WPA2 TKIP
A. WPA2 CCMP replaced TKIP and is a more advanced encryption standard. CCMP provides data confidentiality and authentication.
You set up your wireless SOHO router to encrypt wireless traffic, and you configure the router to require wireless clients to authenticate against a RADIUS server. What type of security have you configured? A. WPA2 Enterprise B. WPA2 Personal C. TKIP D. WEP
A. WPA2 Enterprise uses an authentication server such as a RADIUS server to control access to a WLAN.
You are the security manager for your company, and a system administrator wants to know if there is a way to reduce the cost of certificates by purchasing a certificate to cover all domains and subdomains for the company. Which of the following solutions would you offer? A. Wildcards B. Object identifiers C. Key escrow D. OCSP
A. Wildcard certificates allow the company to secure an unlimited number of subdomain certificates on a domain name from a third party.
Which of the following symmetric key algorithms are block ciphers? (Choose two.) A. MD5 B. 3DES C. RC4 D. Blowfish
B and D. 3DES and Blowfish are symmetric-key block ciphers. 3DES and Blowfish use a block size of 64 bits.
Which of the following are authentication protocols? (Choose two.) A. WPS B. EAP C. IPSec D. IEEE 802.1x
B and D. EAP and IEEE 802.1x are authentication protocols that transfer authentication data between two devices.
Which of the following are considered cryptographic hash functions? (Choose two.) A. AES B. MD5 C. RC4 D. SHA-256
B and D. MD5 and SHA are considered cryptographic hash functions that transform a string of characters into a fixed-length value.
Which of the following statements are true regarding ciphers? (Choose two.) A. Stream ciphers encrypt fixed sizes of data. B. Stream ciphers encrypt data one bit at a time. C. Block ciphers encrypt data one bit at a time. D. Block ciphers encrypt fixed sizes of data.
B and D. Stream ciphers are low-latency and encrypt data one bit at a time, and block ciphers encrypt data one block, or fixed block, at a time.
You have implemented a PKI to send signed and encrypted data. The user sending data must have which of the following? (Choose two.) A. The receiver's private key B. The sender's private key C. The sender's public key D. The receiver's public key
B and D. To sign the data for nonrepudiation purposes, the sender uses their private key and when encrypting the data, the sender uses the receiver's public key.
Which of the following statements are correct about public and private key pairs? (Choose two.) A. Public and private keys work in isolation of each other. B. Public and private keys work in conjunction with each other as a team. C. If the public key encrypts the data using an asymmetric encryption algorithm, the corresponding private key is used to decrypt the data. D. If the private key encrypts the data using an asymmetric encryption algorithm, the receiver uses the same private key to decrypt the data.
B and C. Public and private keys work with each other to encrypt and decrypt data. If the data is encrypted with the receiver's public key, the receiver decrypts the data with their private key.
Which of the following use PSK authentication? (Choose two.) A. WPA-Enterprise B. WPA-Personal C. WPA2-Personal D. WPA2-Enterprise
B and C. Security used in SOHO environments is PSK (preshared key) authentication. WPA-Personal and WPA2-Personal use the PSK authentication method.
Your company has a public key infrastructure (PKI) in place to issue digital certificates to users. Recently, your company hired temporary contractors for a project that is now complete. Management has requested that all digital certificates issued to the contractors be revoked. Which PKI component would you consult for the management's request? A. CA B. CRL C. RA D. CSR
B. A CRL (certificate revocation list) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should not be trusted.
Which of the following is correct regarding root certificates? A. Root certificates never expire. B. A root certificate contains the public key of the CA. C. A root certificate contains information about the user. D. A root certificate cannot be used to authorize subordinate CAs to issue certificates on its behalf.
B. A root certificate is a public key certificate that identifies the root CA (certificate authority). Digital certificates are verified using a chain of trust (certificate chaining) and the trust anchor for the certificate is the root certificate authority (CA).
A coworker is connecting to a secure website using HTTPS. The coworker informs you that before the website loads, their web browser displays an error indicating that the site certificate is invalid and the site is not trusted. Which of the following is most likely the issue? A. The web browser is requiring an update. B. The server is using a self-signed certificate. C. A web proxy is blocking the connection. D. The web server is currently unavailable.
B. A self-signed certificate will display an error in the browser stating the site is not trusted because the self-signed certificate is not from a trusted certificate authority.
You are conducting a one-time electronic transaction with another company. The transaction needs to be encrypted, and for efficiency and simplicity, you want to use a single key for encryption and decryption of the data. Which of the following types would you use? A. Asymmetric B. Symmetric C. Hashing D. Steganography
B. A symmetric algorithm, also known as a secret key algorithm, uses the same key to encrypt and decrypt data.
Your company has recently implemented an encryption system on the network. The system uses a secret key between two parties and must be kept secret. Which system was implemented? A. Asymmetric algorithm B. Symmetric algorithm C. Hashing algorithm D. Steganography
B. A symmetric algorithm, also known as a secret key algorithm, uses the same key to encrypt and decrypt data.
You are a security manager and have been asked to encrypt database system information that contains employee social security numbers. You are looking for an encryption standard that is fast and secure. Which of the following would you suggest to accomplish the requirements? A. SHA-256 B. AES C. RSA D. MD5
B. AES (Advanced Encryption Standard) is a symmetric algorithm used to encrypt data that is fast and secure.
Which of the following ciphers was created from the foundation of the Rijndael algorithm? A. TKIP B. AES C. DES D. 3DES
B. AES is a subset of the Rijndael cipher developed by Vincent Rijmen and Joan Daemen. Rijndael is a family of ciphers with different key and block sizes.
Which of the following types of encryption offers easy key exchange and key management? A. Obfuscation B. Asymmetric C. Symmetric D. Hashing
B. Asymmetric encryption is also known as public key cryptography and uses public and private keys to exchange a session key between two parties. It offers key management by administering the life cycle of cryptographic keys and protecting them from loss or misuse.
You must implement a cryptography system that applies encryption to a group of data at a time. Which of the following would you choose? A. Stream B. Block C. Asymmetric D. Symmetric
B. Block ciphers encrypt data one block, or fixed block, at a time. A cryptographic service provider, a cryptographic module, performs block and stream cryptography algorithms.
Which of the following cipher modes uses a feedback-based encryption method to ensure that repetitive data result in unique cipher text? A. ECB B. CBC C. GCM D. CTM
B. CBC (Cipher Block Chaining) mode uses feedback information to ensure the current block ciphertext differs from other blocks even if the same data is being encrypted.
You are installing a network for a small business named Matrix Interior Design that the owner is operating out of their home. There are only four devices that will use the wireless LAN, and you are installing a SOHO wireless router between the wireless LAN clients and the broadband connection. To ensure better security from outside threats connecting to the wireless SOHO router, which of the following would be a good choice for the WPA2-PSK passphrase? A. 123456 B. XXrcERr6Euex9pRCdn3h3 C. bRtlBv D. HomeBusiness
B. Complex passwords of 16 or more ASCII characters are considered strong. Passwords should follow the complexity rule of having three of the four following items: lowercase letter, uppercase letter, number, and special character.
A company's database is beginning to grow, and the data-at-rest are becoming a concern with the security administrator. Which of the following is an option to secure the data-at-rest? A. SSL certificate B. Encryption C. Hashing D. TLS certificate
B. Data-at-rest is all data that is inactive and stored physically in digital form, such as in nonvolatile memory. If the device the data is stored on is stolen, the unauthorized person will not be able to read the data due to the encryption.
Mary is concerned about the validity of an email because a coworker denies sending it. How can Mary prove the authenticity of the email? A. Symmetric algorithm B. Digital signature C. CRL D. Asymmetric algorithm
B. Digital signatures are created by using the user's or computer's private key that is accessible only to that user or computer. Nonrepudiation is the assurance that someone cannot deny something.
Which of the following security mechanisms can be used for the purpose of nonrepudiation? A. Encryption B. Digital signature C. Collision D. CA
B. Digital signatures are created by using the user's or computer's private key that is accessible only to that user or computer. Nonrepudiation is the assurance that someone cannot deny something.
Which of the following protocols should be used to authenticate remote access users with smartcards? A. PEAP B. EAP-TLS C. CHAP D. MS-CHAPv2
B. EAP-TLS is a remote access authentication protocol that supports the use of smartcards.
Which cryptography concept uses points on a curve to define public and private key pairs? A. Obfuscation B. ECC C. Stream cipher D. Block cipher
B. ECC (elliptic curve cryptography) is based on elliptic curve theory that uses points on a curve to define more efficient public and private keys.
Most authentication systems make use of a one-way encryption process. Which of the following is an example of a one-way encryption? A. Symmetric algorithm B. Hashing C. Asymmetric algorithm D. PKI
B. Hashing is a one-way encryption that transforms a string of characters into a fixed-length value or key, also known as a hash value. Hashes ensure the integrity of data or messages.
Which of the following cryptography concepts converts output data into a fixed-length value and cannot be reversed? A. Steganography B. Hashing C. Collision D. IV
B. Hashing is a one-way encryption that transforms a string of characters into a fixed-length value or key, also known as a hash value. Hashes ensure the integrity of data or messages.
WEP's RC4 approach to encryption uses a 24-bit string of characters added to data that are transmitted. The same plain text data frame will not appear as the same WEP-encrypted data frame. What is this string of characters called? A. Diffusion B. IV C. Session key D. Hashing
B. IV (initialization vector) is an arbitrary number that is used with a secret key for data encryption. IV makes it more difficult for hackers to break a cipher.
Root CAs can delegate their authority to which of the following to issue certificates to users? A. Registered authorities B. Intermediate CAs C. CRL D. CSR
B. In a certification hierarchy, the root CA certifies the intermediate CA and can issue certificates to users, computers, or services.
Matt has been told that successful attacks have been taking place and data that has been encrypted by his company's software system has leaked to the company's competitors. Matt, through investigation, has discovered patterns due to the lack of randomness in the seeding values used by the encryption algorithm in the company's software. This discovery has led to successful reverse engineering. What can the company use to ensure patterns are not created during the encryption process? A. One-time pad B. Initialization vector C. Stream cipher D. Block cipher
B. Initialization vectors (IVs) are random values that are used with algorithms to ensure patterns are not created during the encryption process. IVs are used with keys and are not encrypted when being sent to the destination.
Your company is looking for a secure backup mechanism for key storage in a PKI. Which of the following would you recommend? A. CSR B. Key escrow C. CRL D. CA
B. Key escrow is a security measure where cryptographic keys are held in escrow by a third party and under normal circumstances, the key should not be released to someone other than the sender or receiver without proper authorization.
Data integrity is provided by which of the following? A. 3DES B. MD5 C. AES D. Blowfish
B. MD5 is a hashing algorithm that transforms a string of characters into a fixed-length value or key, also known as a hash value. Hashes ensure the integrity of data or messages.
Which of the following would you use to verify certificate status by receiving a response of "good," "revoked," or "unknown"? A. CRL B. OCSP C. RA D. PKI
B. OCSP (Online Certificate Status Protocol) is a protocol that can be used to query a certificate authority about the revocation status of a given certificate. It validates certificates by returning responses such as "good," "revoked," and "unknown."
Which of the following is an authentication service and uses UDP as a transport medium? A. TACACS+ B. RADIUS C. LDAP D. Kerberos
B. RADIUS is a client-server protocol that enables remote access servers to communicate with a central server to authenticate users. RADIUS uses symmetric encryption for security, and messages are sent as UDP.
Which of the following encryption methods is used by RADIUS? A. Asymmetric B. Symmetric C. Elliptic curve D. RSA
B. RADIUS is a client-server protocol that enables remote access servers to communicate with a central server to authenticate users. RADIUS uses symmetric encryption for security.
SSL is a protocol used for securing transactions transmitted over an untrusted network such as the Internet. Which of the following best describes the action that occurs during the SSL connection setup process? A. The client creates a session key and encrypts it with the server's private key. B. The client creates a session key and encrypts it with the server's public key. C. The server creates a session key and encrypts it with the client's private key. D. The server creates a session key and encrypts it with the client's public key.
B. SSL (Secure Sockets Layer) uses public key encryption. When a client accesses a secured website, it will generate a session key and encrypt it with the server's public key. The session key is decrypted with the server's private key, and the session key is used to encrypt and decrypt data sent back and forth.
Which statement is true regarding the difference between a secure cipher and a secure hash? A. A secure hash can be reversed; a secure cipher cannot. B. A secure cipher can be reversed; a secure hash cannot. C. A secure hash produces a variable output for any input size; a secure cipher does not. D. A secure cipher produces the same size output for any input size; a hash does not.
B. Secure ciphers can be reversed, but hashes cannot be reversed in an attempt to re-create a data file. Hashing is a one-way encryption that is used for integrity purposes.
Why would a threat actor use steganography? A. To test integrity B. To conceal information C. To encrypt information D. To create a hashing value
B. Steganography is a process of hiding data within data. This technique can be applied to images, video files, or audio files.
You are a security administrator and have discovered one of the employees has been encoding confidential information into graphic files. Your employee is sharing these pictures on their social media account. What concept was the employee using? A. Hashing B. Steganography C. Symmetric algorithm D. Asymmetric algorithm
B. Steganography is a process of hiding data within data. This technique can be applied to images, video files, or audio files.
Katelyn, a network administrator, has deleted the account for a user who left the company last week. The user's files were encrypted with a private key. How can Katelyn view the user's files? A. The data can be decrypted using the backup user account. B. The data can be decrypted using the recovery agent. C. She must re-create the former user's account. D. The data can be decrypted using a CRL.
B. The data can be decrypted with a recovery agent if the company configured one before. If there is no recovery agent, the encrypted file will be unrecoverable.
Which symmetric block cipher supersedes Blowfish? A. RSA B. Twofish C. MD5 D. PBKDF2
B. Twofish is a symmetric block cipher that replaced Blowfish.
What encryption protocol does WEP improperly use? A. RC6 B. RC4 C. AES D. DES
B. WEP uses the encryption protocol RC4 and is considered insecure.
You are a security administrator and have been given instructions to update the access points to provide a more secure connection. The access points are currently set to use WPA TKIP for encryption. Which of the following would you configure to accomplish the task of providing a more secure connection? A. WEP B. WPA2 CCMP C. Enable MAC filtering D. Disable SSID broadcast
B. WPA2 CCMP replaced TKIP and is a more advanced encryption standard. CCMP provides data confidentiality and authentication.
You are configuring your friend's new wireless SOHO router and discover a PIN on the back of the router. Which of the following best describes the purpose of the PIN? A. This is a WEP PIN. B. This is a WPS PIN. C. This is a WPA PIN. D. This is a Bluetooth PIN.
B. WPS is a network security standard that allows home users to easily add new devices to an existing wireless network without entering long passphrases. Users enter a PIN to allow the device to connect after pressing the WPS button on the SOHO router.
Wi-Fi Alliance recommends that a passphrase be how many characters in length for WPA2-Personal security? A. 6 characters B. 8 characters C. 12 characters D. 16 characters
B. The Wi-Fi Alliance, a nonprofit organization that promotes Wi-Fi technology, recommends a passphrase be at least eight characters long and include a mixture of upper- and lowercase letters and symbols.
Which of the following implement Message Integrity Code (MIC)? (Choose two.) A. AES B. DES C. CCMP D. TKIP
C and D. Message Integrity Code (MIC) is a security improvement for WEP encryption within wireless networks. TKIP and CCMP use MIC, which provides an integrity check on the data packet.
Which of the following EAP types offers support for legacy authentication protocols such as PAP, CHAP, MS-CHAP, or MS-CHAPv2? A. PEAP B. EAP-FAST C. EAP-TLS D. EAP-TTLS
D. EAP-TTLS determines how user authentication will be performed during phase 2. The user authentication may be a legacy protocol such as PAP, CHAP, MS-CHAP, or MS-CHAPv2.
Your company has asked you to recommend a secure method for password storage. Which of the following would provide the best protection against brute-force attacks? (Choose two.) A. ROT13 B. MD5 C. PBKDF2 D. BCRYPT
C and D. PBKDF2 applies a pseudo-random function such as an HMAC to the password along with a salt value and produces a derived key. PBKDF2 is designed to protect against brute-force attacks. BCRYPT is a password-hashing function derived from the Blowfish cipher. It adds a salt value to protect against rainbow table attacks.
Your company has discovered that several confidential messages have been intercepted. You decide to implement a web of trust to encrypt the files. Which of the following are used in a web of trust concept? (Choose two.) A. RC4 B. AES C. PGP D. GPG
C and D. PGP and GPG use a web of trust to establish the authenticity of the binding between a public key and its owner.
You are conducting a training program for new network administrators for your company. You talk about the benefits of asymmetric encryption. Which of the following are considered asymmetric algorithms? (Choose two.) A. RC4 B. DES C. RSA D. ECC
C and D. RSA is an asymmetric algorithm (also known as public key cryptography) that uses a public and a private key to encrypt and decrypt data during transmissions. ECC (elliptic curve cryptography) is based on elliptic curve theory that uses points on a curve to define more efficient public and private keys.
Which of the following standards was developed by the Wi-Fi Alliance and implements the requirements of IEEE 802.11i? A. NIC B. WPA C. WPA2 D. TKIP
C. 802.11i is an amendment to the original IEEE 802.11 and is implemented as WPA2. The amendment deprecated WEP.
Which of the following statements best describes how a digital signature is created? A. The sender encrypts a message digest with the receiver's public key. B. The sender encrypts a message digest with the receiver's private key. C. The sender encrypts a message digest with his or her private key. D. The sender encrypts a message digest with his or her public key.
C. A digital signature is a hash value (message digest) that is encrypted with the sender's private key. The receiver performs a hashing function on the message and decrypts the sent hash value with the sender's public key and compares the two hash values. If the hash values are the same, the message actually came from the sender. This is performed by DSA (digital signature algorithm) and allows traceability to the person signing the message through the use of their private key.
Which of the following can assist in the workload of the CA by performing identification and authentication of users requesting certificates? A. Root CA B. Intermediate CA C. Registered authority D. OCSP
C. A registered authority (RA) verifies requests for certificates and forwards responses to the CA.
Which of the following statements is true about symmetric algorithms? A. They hide data within an image file. B. They use one key to encrypt data and another to decrypt data. C. They use a single key to encrypt and decrypt data. D. They use a single key to create a hashing value.
C. A symmetric algorithm, also known as a secret key algorithm, uses the same key to encrypt and decrypt data.
A college wants to move data to a USB flash drive and has asked you to suggest a way to secure the data in a quick manner. Which of the following would you suggest? A. 3DES B. SHA-256 C. AES-256 D. SHA-512
C. AES-256 can encrypt data quickly and securely on a USB flash drive.
Network data needs to be encrypted, and you are required to select a cipher that will encrypt 128 bits at a time before the data are sent across the network. Which of the following would you choose? A. Stream cipher B. Hash algorithm C. Block cipher D. Obfuscation
C. Block ciphers encrypt data one fixed-size block at a time.
Which of the following statements is true regarding the confusion encryption method? A. It puts one item in the place of another; for example, one letter for another or one letter for a number. B. It scrambles data by reordering the plain text in a certain way. C. It uses a relationship between the plain text and the key that is so complicated the plain text can't be altered and the key can't be determined. D. Change in the plain text will result in multiple changes that are spread throughout the cipher text.
C. Confusion encryption is a method that uses a relationship between the plain text and the key that is so complicated the plain text can't be altered and the key can't be determined by a threat actor.
Which of the following encryption algorithms is the weakest? A. Blowfish B. AES C. DES D. SHA
C. DES (Data Encryption Standard) uses a 56-bit key and is superseded by 3DES. DES is considered to be insecure for many applications.
Which of the following EAP types requires both server and client certificates? A. EAP-FAST B. PEAP C. EAP-TLS D. EAP-TTLS
C. EAP-TLS requires both client and server to have certificates. The authentication is mutual where the server authenticates to the client and the client authenticates to the server.
Which of the following algorithms is generally used in mobile devices? A. 3DES B. DES C. ECC D. AES
C. ECC (elliptic curve cryptography) uses less processing power and works best in devices such as wireless devices and cellular phones. ECC generates keys faster than other asymmetric algorithms. Determining the correct set of security and resource constraints is an important beginning step when planning a cryptographic implementation.
A threat actor has created a man-in-the-middle attack and captured encrypted communication between two users. The threat actor was unable to decrypt the messages. Which of the following is the reason the threat actor is unable to decrypt the messages? A. Hashing B. Symmetric encryption C. Asymmetric encryption D. Key escrow
C. In asymmetric encryption, sometimes referred to as public key encryption, the private key is used to decrypt an encrypted file.
Which of the following is required when employing PKI and preserving data is important? A. CA B. CRL C. Key escrow D. CER
C. Key escrow is a database of stored keys that can be retrieved should the original user's key be lost or compromised. The stored key can be used to decrypt encrypted material, allowing restoration of the original material to its unencrypted state.
James is a security administrator and wants to ensure the validity of public trusted certificates used by the company's web server, even if there is an Internet outage. Which of the following should James implement? A. Key escrow B. Recovery agent C. OCSP D. CSR
C. OCSP (Online Certificate Status Protocol) is a protocol that can be used to query a certificate authority about the revocation status of a given certificate. OCSP can prepackage a list of revoked certificates and distribute them through browser updates and can be checked if there is an Internet outage.
Which of the following statements best describes the difference between public key cryptography and public key infrastructure? A. Public key cryptography is another name for an asymmetric algorithm, whereas public key infrastructure is another name for a symmetric algorithm. B. Public key cryptography uses one key to encrypt and decrypt the data, and public key infrastructure uses two keys to encrypt and decrypt the data. C. Public key cryptography is another name for asymmetric cryptography, whereas public key infrastructure contains the public key cryptographic mechanisms. D. Public key cryptography provides authentication and nonrepudiation, whereas public key infrastructure provides confidentiality and integrity.
C. Public key cryptography is also known as asymmetric cryptography. Public key cryptography is one piece of the PKI (public key infrastructure).
The CIO at your company no longer wants to use asymmetric algorithms because of the cost. Of the following algorithms, which should the CIO discontinue using? A. AES B. RC4 C. RSA D. Twofish
C. RSA is an asymmetric algorithm and should be discontinued.
You have been promoted to security administrator for your company and you need to be aware of all types of hashing algorithms for integrity checks. Which algorithm offers a 160-bit digest? A. MD5 B. RC4 C. SHA-1 D. AES
C. SHA-1 is a hashing algorithm that produces a 160-bit digest.
Which of the following is true regarding the importance of encryption of data-at-rest for sensitive information? A. It renders the recovery of data more difficult should the user lose their password. B. It allows the user to verify the integrity of the data on the stored device. C. It prevents the sensitive data from being accessed after a theft of the physical equipment. D. It renders the recovery of data easier should the user lose their password.
C. Should a hard drive be stolen, the data will not be able to be read as the data is scrambled, or encrypted, and can be read only by the corresponding key.
AES-CCMP uses a 128-bit temporal key and encrypts data in what block size? A. 256 B. 192 C. 128 D. 64
C. The AES-CCMP encryption algorithm used in the 802.11i security protocol uses the AES block cipher and limits the key length to 128 bits. AES-CCMP makes it difficult for an eavesdropper to spot patterns.
You are a network administrator and your manager has asked you to enable WPA2 CCMP for wireless clients, along with an encryption to protect the data transmitted across the network. Which of the following encryption methods would you use along with WPA2 CCMP? A. RC4 B. DES C. AES D. 3DES
C. Using AES with CCMP incorporates two cryptographic techniques that provide a more secure protocol between a mobile client and the access point.
You recently upgraded your wireless network so that your devices will use the 802.11n protocol. You want to ensure all communication on the wireless network is secure with the strongest encryption. Which of the following is the best choice? A. WEP B. WPA C. WPA2 D. WPS
C. WPA2 is a security standard that secures computers connected to the 802.11n Wi-Fi network. It provides the strongest available encryption for wireless networks.
You are given the task of selecting an asymmetric encryption type that has an appropriate level of encryption strength but uses a smaller key length than is typically required. Which of the following encryption methods will accomplish your requirement? A. Blowfish B. RSA C. DHE D. ECC
D. ECC (elliptic curve cryptography) is an asymmetric algorithm that uses smaller keys and has the same level of strength compared to asymmetric algorithms with longer key lengths.
Your manager wants to implement a security measure to protect sensitive company data that reside on the remote salespeople's laptops should they become lost or stolen. Which of the following measures would you implement? A. Implement WPS on the laptops. B. Set BIOS passwords on the laptops. C. Use whole-disk encryption on the laptops. D. Use cable locks on the laptops.
C. Whole-disk encryption, such as BitLocker on a Windows OS, will protect the contents of a laptop if it is lost or stolen. If the thief were to take the hard drive out of the laptop and try reading the content, they would be unsuccessful.
You are a network administrator for your company, and the single AP that allows clients to connect to the wireless LAN is configured with a WPA-PSK preshared key of the company name followed by the number 1. Which of the following statements is correct regarding this implementation? A. It is secure because WPA-PSK resolved the problem with WEP. B. It is secure because the preshared key is at least five characters long. C. It is not secure because the preshared key includes only one number and the company name so it can be easily guessed. D. It is not secure because WPA-PSK is as insecure as WEP and should never be used.
C. With a single number appended to the company name, the preshared key can be easily guessed. A secure preshared key is at least eight ASCII characters in length and follows the complexity rule.
Matt needs to calculate the number of keys that must be generated for 480 employees using the company's PKI asymmetric algorithm. How many keys must Matt create? A. 114,960 B. 480 C. 960 D. 229,920
C. With asymmetric algorithms, every user must have at least one pair of keys (private and public). The two keys are mathematically related. If a message is encrypted with one key, the other key is required to decrypt the message. The formula to determine the number of keys needed is N × 2, where N is the number of people.
You are tasked to implement a solution to ensure data that are stored on a removable USB drive haven't been tampered with. Which of the following would you implement? A. Key escrow B. File backup C. File encryption D. File hashing
D. Hashing is a one-way encryption that transforms a string of characters into a fixed-length value or key, also known as a hash value. Hashes ensure the integrity of data or messages.
Which of the following would be used to allow certain traffic to traverse from a wireless network to an internal network? A. WPA B. WEP C. Load balancers D. 802.1x
D. 802.1x enhances security within a WLAN by providing an authentication framework. Users are authenticated by a central authority before they are allowed within the network.
Your manager has recently purchased a RADIUS server that will be used by remote employees to connect to internal resources. Several client computers need to connect to the RADIUS server in a secure manner. What should your manager deploy? A. HIDS B. UTM C. VLAN D. 802.1x
D. 802.1x enhances security within a WLAN by providing an authentication framework. Users are authenticated by a central authority before they are allowed within the network.
Which of the following types of attack sends two different messages using the same hash function, causing a collision? A. Xmas attack B. DoS C. Logic bomb D. Birthday attack
D. A birthday attack can be used to find hash collisions. It's based on the birthday paradox, which states there is a 50 percent chance of someone sharing your birthday with at least 23 people in the room.
You are receiving calls from users who are connected to the company's network and are being redirected to a login page with the company's logo after they type a popular social media web address in an Internet browser. Which of the following is causing this to happen? A. WEP B. Key stretching C. MAC filtering D. Captive portal
D. A captive portal is a web page where the user must view and agree to the terms before access to the network is granted. They are typically used by business centers, airports, hotels, and coffee shops.
Which of the following defines a hashing algorithm creating the same hash value from two different messages? A. AES B. MD5 C. Hashing D. Collision
D. A collision occurs when a hashing algorithm creates the same hash from two different messages.
Which of the following takes each bit in a character and is XORed with the corresponding bit in the secret key? A. ECDHE B. PBKDF2 C. Obfuscation D. One-time pad
D. A one-time pad is a stream cipher that encrypts the plain text with a secret random key that is the same length as the plain text. The encryption algorithm is the XOR operation.
Your company's web server certificate has been revoked and external customers are receiving errors when they connect to the website. Which of the following actions must you take? A. Renew the certificate. B. Create and use a self-signed certificate. C. Request a certificate from the key escrow. D. Generate a new key pair and new certificate.
D. A revoked certificate is no longer valid for the intended purpose, and a new key pair and certificate will need to be generated.
What is another name for an ephemeral key? A. PKI private key B. MD5 C. PKI public key D. Session key
D. A session key is another name for an ephemeral key. An ephemeral key includes a private and public key, and systems use this key pair for a single session and then discard it.
Which of the following statements is true regarding symmetric key systems? A. They use different keys on each end of the transported data. B. They use public key cryptography. C. They use multiple keys for creating digital signatures. D. They use the same key on each end of the transported data.
D. A symmetric key system uses the same key to encrypt and decrypt data during the transport.
You are asked to configure a WLAN that does not require a user to provide any credentials to associate with a wireless AP and access a WLAN. What type of authentication is said to be in use? A. IV B. WEP C. WPA D. Open
D. An open wireless network does not require a user to enter credentials for access.
The process of deleting data by sending a single erase or clear instruction to an address of the nonvolatile memory is an example of securing which of the following? A. Data-in-transit B. Data-over-the-network C. Data-in-use D. Data-at-rest
D. Data-at-rest is all data that is inactive and physically stored in a physical digital form such as nonvolatile memory.
Tom is sending Mary a document and wants to show the document came from him. Which of the following should Tom use to digitally sign the document? A. TKIP B. Intermediate CA C. Public key D. Private key
D. Digital signatures are created by using the user's or computer's private key that is accessible only to that user or computer. Nonrepudiation is the assurance that someone cannot deny something.
Which certificate format is typically used on Windows OS machines to import and export certificates and private keys? A. DER B. AES C. PEM D. PFX
D. PFX (personal information exchange) files are typically used with Windows OSs that include digital certificates and are used for authentication processes involved in determining if a user or device can access certain files.
Which of the following defines a file format commonly used to store private keys with associated public key certificates? A. PKCS #1 B. PKCS #3 C. PKCS #7 D. PKCS #12
D. PKCS #12 is a file that contains both the private key and the X.509 certificate and can be installed by the user on servers or workstations. X.509 certificates can be a wildcard certificate for multiple entities under a single fully qualified domain name.
You are a security administrator looking to implement a two-way trust model. Which of the following would you use? A. ROT13 B. PGP C. WPA2 D. PKI
D. PKI (public key infrastructure) is an entire system of hardware, software, policies and procedures, and people. PKI creates, distributes, manages, stores, and revokes certificates. A trust model is used to set up trust between CAs. A certificate has a subject alternative name (SAN) for machines (fully qualified domain names) or users (user principal name).
Which of the following is mainly used for remote access into a network? A. TACACS+ B. XTACACS C. Kerberos D. RADIUS
D. RADIUS is a client-server protocol that enables remote access servers to communicate with a central server to authenticate users. RADIUS uses symmetric encryption for security.
You want to authenticate and log connections from wireless users connecting with EAP-TLS. Which of the following should be used? A. Kerberos B. LDAP C. SAML D. RADIUS
D. RADIUS is a networking protocol that provides centralized AAA for users connecting and using a network service. EAP-TLS offers a good deal of security with the use of TLS and uses PKI to secure communication to the RADIUS authentication server.
Which of the following encryption algorithms is used to encrypt and decrypt data? A. MD5 B. HMAC C. Kerberos D. RC4
D. RC4 is a stream cipher used for encrypting and decrypting data, but there are known weaknesses and using it is not recommended.
Which of the following is an example of a stream cipher? A. AES B. DES C. 3DES D. RC4
D. RC4 is an example of a stream cipher that encrypts data one bit at a time.
Bob is a security administrator and needs to encrypt and authenticate messages that are sent and received between two systems. Which of the following would Bob choose to accomplish his task? A. Diffie-Hellman B. MD5 C. SHA-256 D. RSA
D. RSA is a public key encryption algorithm that can both encrypt and authenticate messages.
Which of the following uses two mathematically related keys to secure data during transmission? A. Twofish B. 3DES C. RC4 D. RSA
D. RSA is an asymmetric algorithm (also known as public key cryptography) that uses a public and a private key to encrypt and decrypt data during transmissions.
The CA is responsible for revoking certificates when necessary. Which of the following statements best describes the relationship between a CRL and OCSP? A. OCSP is a protocol to submit revoked certificates to a CRL. B. CRL is a more streamlined approach to OCSP. C. CRL validates a certificate in real time and reports it to the OCSP. D. OCSP is a protocol to check the CRL during a certificate validation process.
D. Revoked certificates are stored on a CRL (certificate revocation list). The CA continuously pushes out CRL values to clients to ensure they have the updated CRL. OCSP (Online Certificate Status Protocol) performs this work automatically in the background and returns a response such as "good," "revoked," and "unknown." OCSP uses a process called stapling to reduce communication from the user to the CA to check the validity of a certificate.
You are asked to see if several confidential files have changed, and you decide to use an algorithm to create message digests for the confidential files. Which algorithm would you use? A. AES B. RC4 C. Blowfish D. SHA-1
D. SHA-1 is a hashing algorithm that creates message digests and is used for integrity.
You want to send confidential messages to a friend through email, but you do not have a way of encrypting the message. Which of the following methods would help you achieve this goal? A. AES B. Collision C. RSA D. Steganography
D. Steganography is a process of hiding data within data. This technique can be applied to images, video files, or audio files.
Which of the following best describes the drawback of symmetric key systems? A. You must use different keys for encryption and decryption. B. The algorithm is more complex. C. The system works much more slowly than an asymmetric system. D. The key must be delivered in a secure manner.
D. Symmetric encryption uses the same key to encrypt and decrypt data, so the key must be sent to the receiver in a secure manner. If a person were to get the key somewhere in the middle, they would be able to decrypt the information and read the data or inject it with malware.
You need to encrypt the signature of an email within a PKI system. Which of the following would you use? A. CER B. Public key C. Shared key D. Private key
D. The private key is used to encrypt the signature of an email, and the sender's public key is used to decrypt the signature and verify the hash value.
You are a network administrator for a distribution company and the manager wants to implement a secure wireless LAN for a BYOD policy. Through research, you determine that the company should implement AES encryption and the 802.1x authentication protocol. You also determine that too many APs and clients will be installed and you will need to configure each one with a preshared key passphrase. Which of the following will meet your needs? A. WEP B. WPA C. WPA2-Personal D. WPA2-Enterprise
D. WPA2-Enterprise will implement AES and require an authentication infrastructure with an authentication server (RADIUS) and an authenticator. WPA2-Enterprise provides better protection of critically important information with BYOD (Bring Your Own Device).
Your company has implemented a RADIUS server and has clients that are capable of using multiple EAP types, including one configured for use on the RADIUS server. Your security manager wants to implement a WPA2-Enterprise system. Since you have the RADIUS server and clients, what piece of the network would you need? A. Network access control B. Authentication server C. Authenticator D. Supplicant
D. You would need the supplicant. The authenticator, an AP or wireless controller, sends authentication messages between the supplicant and authentication server.