CertiGuide to Security+  9  Chapter 7:  Practice Exam Answers

Answers to Questions 56-60 1 Answers to Questions 66-70

61. What is true about hash functions?

A. They are proprietary

B. They are more secure than digital signature algorithms

C. They are faster than digital signature algorithms

D. They require 128 bit computing

Explanation: Since hash functions are generally faster than encryption or digital signature algorithms, it is typical to compute the digital signature or integrity check to some document by applying cryptographic processing to the document's hash value, which is small compared to the document itself.

Hash functions do not require 128bit computing. Also, they are not typically more secure than the public key encryption used for digital signatures, although digital signatures may use an encrypted hash value. Has functions are standardized, rather than proprietary. Common hash functions include MD-5 and SHA-1.

& Section 4.1.1: Hashing

62. What is true about digital digest?

A. It can be made public without revealing the contents of the original document

B. It cannot be made public

C. It allows the revealing of the contents of the document from which it is derived

D. It does not work well with time stamping service

Explanation: A digest can be made public without revealing the contents of the document from which it is derived. This is important in digital time stamping where, using hash functions, one can get a document time stamped without revealing its contents to the time stamping service.

& Section 4.1.1: Hashing

63. To protect the data while in transit on a network, what is used to identify errors and omissions in the information?

A. Hash total

B. Record sequence checking

C. Transmission error correction

D. Retransmission controls

Explanation: Hash totals - these identify errors and omissions in the information, A has algorithm provides a hexadecimal checksum of the data. This is stored in a record prior to transmission, and then sent to the remote computer with the data. The remote system can then compute the checksum, and if it agrees with the value that was calculated before transmission, the information arrived intact.

Record sequence checking would verify that records were received in the correct order, but not verify record contents. TCP-level techniques do not protect against alteration of data during transmission, since packets could potentially be inserted with altered information.

& Section 4.1.1: Hashing

64. Hash total uses an algorithm that provides a checksum of the data in ___________ format:

A. ASCII

B. Numerical

C. Unicode

D. Hexadecimal

Explanation: Hash totals - these identify errors and omissions in the information, A has algorithm provides a hexadecimal checksum of the data. This is stored in a record prior to transmission, and then sent to the remote computer with the data. The remote system can then compute the checksum, and if it agrees with the value that was calculated before transmission, the information arrived intact.

& Section 4.1.1: Hashing

65. A digitally signed message offers

A. Authentication of Origin

B. Integrity of Data

C. Non-Repudiation

D. Confidentiality

E. Access Control

Explanation: Signing a message does not mean the message IS encrypted. It is possible, but not MANDATORY. Without encryption, confidentiality is not offered.

Diffie-Hellman -- "The Diffie-Hellman variant described requires the recipient to have a certificate, but the originator may have a static key pair (with the public key placed in a certificate) or an ephemeral key pair. -- RFC 2631

& Section 4.2: Concepts of Using Cryptography

Answers to Questions 56-60 1 Answers to Questions 66-70