PRACTICE

03 Cryptographic Solutions
Mini Quiz Answers

Question 1: A security administrator is selecting an encryption standard for full disk encryption that supports 128-bit, 192-bit, and 256-bit key lengths and that uses the same key for both encryption and decryption. Which algorithm should they select?

Pro Tip! Notice this question doesn't actually tell you to choose a secure answer (AES). You can ALWAYS assume that the questions want you to choose a secure answer instead of an insecure one.

  • A. DES. DES is a cryptographically broken symmetric algorithm that uses only 56-bit keys and does not support 128-bit, 192-bit, or 256-bit key lengths, making it unsuitable for modern full disk encryption standards.
  • B. 3DES. Although 3DES applies the DES algorithm three times and is more secure than DES, it is deprecated and does not support the specific 128/192/256-bit key lengths described.
  • C. AES. AES is the modern symmetric encryption standard that supports 128-bit, 192-bit, and 256-bit key lengths and uses the same key for both encryption and decryption, fitting all requirements for full disk encryption.
  • D. RSA. RSA is an asymmetric encryption algorithm that uses a public and private key pair rather than a single shared key, so it does not match the requirement for using the same key for both operations.

Question 2: An organization is implementing email encryption for secure communications between business partners. They need to send encrypted messages to recipients without having previously shared a secret key, ensuring that only the specific recipient can open the message. Which cryptographic approach enables this?

  • A. Symmetric encryption. Symmetric encryption requires both communicating parties to already possess the same secret key before transmission begins, which does not meet the question.
  • B. Asymmetric encryption. Asymmetric encryption would be used to send messages using the recipient's public key, ensuring that only the recipient's corresponding private key can decrypt the content.
  • C. Hashing. Hashing is a one-way cryptographic function that generates fixed-length digests. Hashing cannot be reversed, making it unsuitable for encrypting messages that must be decrypted and read by the recipient.
  • D. Steganography. Steganography is a technique for concealing the existence of data within other files or media to hide the fact that communication is occurring, but it does not provide actual encryption.

Question 3: A system architect is choosing between RSA and ECC for securing IoT devices with limited processing power and battery life. Which answer BEST explains the most suitable choice and why?

  • A. RSA because it is an older algorithm and therefore compatible with older devices. Although RSA is older, age does not equate to suitability for IoT constraints, and RSA's larger key sizes actually consume more processing power and battery life compared to ECC.
  • B. ECC because it uses a smaller key length for an equivalent brute force resistance strength to RSA. ECC provides equivalent security to RSA with significantly smaller key sizes, such as 256-bit ECC equaling 3072-bit RSA, which reduces computational overhead and power consumption critical for IoT devices.
  • C. RSA because it offers the choice of the longest key lengths. While RSA supports long keys, longer keys increase computational burden and battery drain, which is the opposite of what is needed for resource-constrained IoT devices.
  • D. ECC because it is supported by a wider range of Certificate Authorities. While ECC support is growing, RSA historically has wider support, but the question specifically asks about processing power.

Question 4: A company is concerned that increasing encryption key lengths will impact system performance. They are debating a choice between 128-bit and 256-bit key length. What is the BEST way to explain this discussion to senior management?

  • A. Longer key lengths decrease security and increase speed. This is incorrect because longer key lengths mathematically increase security by expanding the brute-force search space, though they typically decrease speed due to computational overhead.
  • B. Longer key lengths increase security but consume more resources like CPU or RAM. This accurately describes the fundamental trade-off where increased key length exponentially strengthens security against brute-force attacks while requiring greater computational resources and processing time.
  • C. Longer key lengths reduce availability but offer better integrity. This confuses the CIA triad concepts, as key length primarily affects confidentiality through computational security, not availability or integrity directly.
  • D. The longer key length is better in ALL situations. This is incorrect because the performance impact of longer keys may be unacceptable for real-time applications or resource-constrained devices, requiring a balance between security needs and operational capabilities.

Question 5: A developer needs to securely exchange a symmetric encryption key over an insecure network channel without having previously shared any secret keys. There is a risk of an attacker attempting to intercept the key on the insecure channel. The developer chooses a protocol that uses ephemeral or rotating keys to secure the key exchange. Which of the following is the best solution?

  • A. Rivest-Shamir-Adleman. RSA is an asymmetric encryption algorithm primarily used for encrypting small amounts of data or digital signatures, but it is not the specific protocol designed for secure key exchange over insecure channels without prior secrets.
  • B. Diffie-Hellman. Diffie-Hellman is a key exchange protocol specifically designed to allow two parties to establish a shared secret symmetric key over an insecure public channel without having previously shared any secret keys, using ephemeral public-private key pairs.
  • C. Advanced Encryption Standard. AES is a symmetric encryption algorithm that requires both parties to already possess the same secret key to encrypt data, so it cannot securely exchange keys over an insecure channel by itself.
  • D. Message Digest 5. MD5 is a cryptographic hash function that produces a fixed-length hash value and is considered cryptographically broken and unsuitable for any security purpose, including key exchange.

Question 6: An organization wants to ensure that, if their long-term private key is compromised in the future, previously intercepted encrypted sessions cannot be fully decrypted. Which feature provides this protection?

  • A. Key stretching. Key stretching is a technique used to strengthen password hashes by adding computational iterations, not a feature designed to protect past encrypted sessions from future key compromise.
  • B. Perfect Forward Secrecy. Perfect Forward Secrecy ensures that ephemeral session keys are used for each communication session, meaning that even if the long-term private key is compromised later, previously captured encrypted sessions cannot be decrypted because they used different ephemeral keys.
  • C. Key escrow. Key escrow involves storing copies of encryption keys with a trusted third party for recovery purposes, which actually increases the risk of key compromise rather than protecting past sessions from it.
  • D. Digital signatures. Digital signatures provide non-repudiation and authenticity by proving the sender's identity, but they do not provide confidentiality or protect past encrypted sessions from future key compromise.

Question 7: A security team is implementing TLS for online communications. They want to ensure that the initial key exchange uses asymmetric encryption to establish a secure channel and authenticates each party, then changes to symmetric encryption for the secure data transfer. What is the primary reason for this change?

  • A. Asymmetric encryption is faster than symmetric encryption. This is incorrect because asymmetric encryption involves complex mathematical operations with large key sizes that make it significantly slower than symmetric encryption.
  • B. Asymmetric encryption is significantly more secure than symmetric encryption. While asymmetric encryption solves key distribution problems, it is not inherently "more secure," and the question asks specifically about the reason for switching protocols, not comparative security levels.
  • C. Symmetric encryption is significantly faster and more efficient than asymmetric encryption for bulk data transfer. This is correct because symmetric algorithms like AES use simpler operations and smaller key sizes relative to their security, making them hundreds or thousands of times faster for encrypting large volumes of data.
  • D. Asymmetric encryption requires no computational resources. This is false because asymmetric encryption actually requires substantially more computational resources and processing power than symmetric encryption due to complex mathematical operations.

Question 8: A company is evaluating encryption solutions and notes that one solution requires a key pair where the public key is shared openly while the private key remains secret. If the public key is used to encrypt data, what is required to decrypt it?

  • A. The same public key. Data encrypted with a public key cannot be decrypted with the same public key because public keys are designed to be one-way functions that only work with their mathematically paired private key.
  • B. The corresponding private key. The private key is the only key mathematically paired with the public key that can decrypt data encrypted with that specific public key, ensuring confidentiality in asymmetric cryptography.
  • C. A shared secret key. A shared secret key is used in symmetric encryption where both parties use the same key, but in asymmetric cryptography, the decrypting party uses their unique private key, not a shared secret.
  • D. The hash of the public key. A hash of the public key is used for fingerprinting or verification purposes, but it cannot decrypt ciphertext because hashing is a one-way function.

Question 9: The Chief Executive Officer (CEO) of a company, David, needs to send a short email to the Head of Governance, Risk, and Compliance (GRC), Yasmina. The objective is to ensure that David can easily encrypt the email with a key he already has, but that only Yasmina can read the message. Which key would David use to send the message?

  • A. Yasmina's public key. Encrypting with the recipient's public key ensures that only the recipient possessing the corresponding private key can decrypt and read the message, fulfilling the confidentiality requirement.
  • B. Yasmina's private key. David should never have access to Yasmina's private key, and if he did, anyone with her public key could decrypt the message, defeating the purpose of ensuring only she can read it.
  • C. David's public key. If David encrypted with his own public key, anyone else could obtain his public key and decrypt the message, failing to ensure that only Yasmina can read it.
  • D. David's private key. Encrypting with David's private key creates a digital signature that proves he sent it, but anyone with his public key could read it, so it does not provide confidentiality.

Question 10: A leading cybersecurity professor, Dr. Aly, wishes to send a short email to the rest of his team. The objective is to ensure that anyone can open the message, so there is no confidentiality, but that the students are certain Dr. Aly is the person who sent the message. Which key would Dr. Aly use to send the message?

  • A. His public key. Encrypting with his public key would mean only his private key could decrypt it, making the message unreadable by the team, and it wouldn't prove his identity since anyone could theoretically use his public key.
  • B. His private key. Encrypting (signing) with his private key allows anyone with his public key to verify the signature and read the message, proving Dr. Aly's identity while providing no confidentiality, which matches the requirement.
  • C. The team's public keys. Encrypting with the team's public keys would ensure confidentiality for each team member but would not prove that Dr. Aly specifically sent the message, as anyone could encrypt with those public keys.
  • D. The team's private keys. Dr. Aly should never possess the team's private keys, which must remain secret to their respective owners, and using them would be impossible and a severe security violation.

Question 11: A forensic analyst needs to verify that a downloaded file has not been altered during transfer. They compare a calculated fixed-length digest of the file against the source's published digest value, and then they check whether both values are exactly the same. What cryptographic property is being assessed?

  • A. Non-repudiation. Non-repudiation is provided by digital signatures to prove the sender's identity and prevent denial of sending, not by simple hash comparison for file integrity.
  • B. Cryptographic hash. A cryptographic hash generates a fixed-length unique digest of file contents, allowing verification that the file has not been altered by comparing the calculated hash against the original published hash value.
  • C. Symmetric encryption. Symmetric encryption provides confidentiality by encrypting data so only authorized parties can read it, but it does not inherently provide a fixed-length integrity check without additional mechanisms like MACs.
  • D. Diffie-Hellman key exchange protocol. Diffie-Hellman is used for establishing shared secrets over insecure channels, not for generating fixed-length integrity digests of files.

Question 12: A penetration tester discovers that a web application stores password hashes using MD5. What would they note in their report to senior management?

  • A. MD5 is secure but it is too slow for the client's needs. MD5 is actually extremely fast, which is part of why it's unsuitable for password storage, and more importantly, it is cryptographically broken, not secure.
  • B. MD5 is considered cryptographically broken because it is vulnerable to collision attacks. MD5 has been demonstrated to have collision vulnerabilities where different inputs can produce the same hash output, making it unsuitable for security purposes like password storage.
  • C. MD5 produces hashes that are too long for use as password storage. MD5 produces 128-bit hashes, which are actually shorter than modern recommended hashes like SHA-256, and hash length is not the primary concern compared to collision resistance.
  • D. MD5 is only for asymmetric encryption, not for web applications. MD5 is a hash function, not an asymmetric encryption algorithm, and it is unsuitable for any cryptographic security purpose, including web applications.

Question 13: A system administrator is implementing password storage in a website. They want to prevent the use of pre-computed rainbow table attacks by ensuring that identical passwords produce different hash values in the database. What technique should they implement?

  • A. Regular key rotation. Key rotation involves periodically replacing encryption keys to limit exposure time, but it does not prevent rainbow table attacks against stored password hashes.
  • B. Salting. Salting adds a unique random value to each password before hashing, ensuring that identical passwords produce different hash values and rendering pre-computed rainbow tables ineffective.
  • C. Peppering. Peppering adds a global secret value to all passwords before hashing, which does help security but is different from the standard practice of using unique salts per password to defeat rainbow tables specifically.
  • D. Database encryption. Database encryption protects data at rest from unauthorized access, but it does not change the fact that identical passwords would produce identical hashes if the same hashing algorithm is used without salting.

Question 14: Ahmed is tasked with selecting the best approach for salting passwords in his organization. Which of the following is the BEST approach to salting?

  • A. Ensure everyone uses the same salt so users do not need to remember more passwords. Using the same salt for all passwords defeats the purpose of salting, as identical passwords would still produce identical hashes, making rainbow tables effective again.
  • B. Ensure every salt is unique and is never reused. Unique salts per password ensure that even if two users have the same password, their hashes will differ completely, preventing attackers from using pre-computed tables or identifying duplicate passwords.
  • C. Ensure that the salt is posted on the company's public website to deter potential attackers. Publishing salts defeats their security purpose, as salts must be stored with the hash but kept unpredictable, not publicly advertised.
  • D. Ensure that the salt is at least double the length of the user's password. Salt length recommendations focus on sufficient entropy (typically 16+ bytes) rather than being tied to password length, which varies per user.

Question 15: An organization is using an outdated, insecure hashing algorithm on their services. They attempt to protect against brute-force attacks against stored hashes by requiring thousands of iterations of hashing, to delay attackers for as long as possible. What is this technique called?

  • A. Salting. Salting adds random data to passwords to prevent rainbow table attacks, but it does not inherently involve multiple iterations of the hashing algorithm to slow down computation.
  • B. Key stretching. Key stretching intentionally increases the computational cost of hashing by iterating the hash function thousands of times, making brute-force attacks against stolen hashes computationally prohibitive.
  • C. Key rotation. Key rotation involves replacing encryption keys periodically to limit the window of exposure, not adding computational delays to hashing processes.
  • D. Key escrow. Key escrow involves storing backup copies of encryption keys with a trusted third party for recovery purposes, unrelated to strengthening password hashes against brute-force attacks.

Question 16: A security auditor needs to verify the integrity of a system configuration file to ensure it has not been tampered with. They generate a fixed-length string that uniquely represents the file's contents. Which algorithm is most appropriate for this integrity check?

  • A. RSA-2048. RSA-2048 is an asymmetric encryption algorithm used for secure data transmission and digital signatures, not for generating fixed-length file integrity digests.
  • B. SHA-256. SHA-256 is a cryptographic hash algorithm that generates a unique fixed-length digest representing file contents, making it ideal for verifying that a configuration file has not been tampered with.
  • C. AES-128. AES-128 is a symmetric encryption algorithm designed for confidentiality by encrypting data, not for generating one-way integrity checksums.
  • D. ECC. ECC (Elliptic Curve Cryptography) is an asymmetric encryption method used for secure communications and key exchange, not for file integrity hashing.

Question 17: A laptop manufacturer wants to include a hardware chip that can securely store encryption keys, perform attestation, and ensure the operating system has not been tampered with during boot. What component provides this functionality?

  • A. GPU. A GPU (Graphics Processing Unit) is designed for rendering graphics and parallel processing, not for secure key storage or boot attestation.
  • B. TPM. A TPM (Trusted Platform Module) is a specialized hardware chip that securely stores encryption keys, performs platform attestation, and ensures the integrity of the boot process by verifying components before the OS loads.
  • C. HSM. An HSM (Hardware Security Module) is a high-grade enterprise device for managing cryptographic keys, but it is typically external or network-based, not the standard chip integrated into consumer laptops for boot security.
  • D. CPU. A CPU is a general-purpose processor that executes instructions but lacks the specialized secure storage and attestation capabilities required for the described functions.

Question 18: An enterprise needs a high-grade, tamper-resistant hardware device to manage and store cryptographic keys for thousands of transactions per second in a financial processing center. This device must meet FIPS 140-2 Level 3 or 4 standards. What solution is required?

  • A. Software-based keystore. A software-based keystore stores keys in software and lacks the physical tamper resistance and FIPS 140-2 Level 3/4 certification required for high-grade enterprise key management.
  • B. HSM. An HSM (Hardware Security Module) is a physical, tamper-resistant hardware device specifically designed to manage and store cryptographic keys while meeting FIPS 140-2 Level 3 or 4 standards for high-security environments.
  • C. BIOS password. A BIOS password provides basic boot-time authentication but offers no cryptographic key management capabilities or tamper-resistant hardware protection.
  • D. Secure Enclave. A Secure Enclave is a hardware security feature in individual devices (like phones or specific chips) but does not scale to enterprise-level transaction processing for thousands of operations per second like an HSM.

Question 19: A distributed ledger technology is being implemented to ensure immutable records of transactions. Each block contains a hash of the previous block, ensuring integrity. What technology is being described?

  • A. Public Key Infrastructure. PKI is a system for managing digital certificates and public-key encryption, not a distributed ledger technology using chained hashes.
  • B. Blockchain. Blockchain is a distributed ledger technology where each block contains a cryptographic hash of the previous block, creating an immutable chain of transaction records.
  • C. Obfuscation. Obfuscation is the practice of making code difficult to understand or reverse engineer, not a ledger technology for recording transactions.
  • D. Steganography. Steganography is the practice of hiding data within other non-secret files or messages, not a system for creating immutable transaction records.

Question 20: A malware developer wants to hide the existence of stolen data within an image file by altering the least significant bits of pixel values so that the image looks unchanged to the human eye but contains hidden information. What technique is being used?

  • A. Encryption. Encryption scrambles data to make it unreadable without a key, but it does not hide the fact that data exists, whereas the question describes hiding data within an image.
  • B. Steganography. Steganography is the practice of concealing data within other files, such as images, by altering insignificant bits so the carrier file appears unchanged while secretly containing hidden information.
  • C. Hashing. Hashing generates a fixed-length digest for integrity verification and is a one-way function that cannot be used to hide and later recover original data within an image.
  • D. Obfuscation. Obfuscation makes code or data difficult to understand or interpret, but it does not involve hiding data within image files by manipulating pixel values.

Question 21: A software company wants to make its source code difficult to reverse engineer without actually encrypting it, by renaming variables and adding unnecessary complexity to the logic flow. What is this technique called?

  • A. Steganography. Steganography hides the existence of data within other media like images or audio files, not the technique of making source code difficult to reverse engineer.
  • B. Obfuscation. Obfuscation is the technique of making source code difficult to reverse engineer by renaming variables, adding unnecessary complexity, and modifying control flow without changing functionality.
  • C. Salting. Salting is the practice of adding random data to passwords before hashing to prevent rainbow table attacks, unrelated to code protection.
  • D. Perfect Forward Secrecy. Perfect Forward Secrecy is a property of communication protocols that ensures session keys are not compromised if long-term keys are stolen, not a code protection technique.

Question 22: An organization needs to bind public keys to verified identities, using digitally signed electronic documents that contain the subject's public key, validity period, and issuer information. What component of PKI provides this?

  • A. Digital Signature. A digital signature is a cryptographic mechanism that proves authenticity and non-repudiation, but it is not the component that binds the public key to the identity.
  • B. Digital Certificate. A digital certificate is a digitally signed electronic document issued by a Certificate Authority that binds a public key to a specific identity, containing the subject's public key, validity period, and issuer information.
  • C. Hash value. A hash value is a fixed-length string generated by a hash function to verify data integrity, not a document that binds public keys to identities.
  • D. Symmetric key. A symmetric key is a shared secret used for encryption and decryption, not a component of PKI used for binding public keys to identities.

Question 23: A user generates a file containing their public key and identifying information, then encrypts it with their private key to prove possession, before sending it to a trusted Certificate Authority. What is this action called?

  • A. CRL. A CRL (Certificate Revocation List) is a list of certificates that have been revoked before their expiration date, not a request for certificate issuance.
  • B. CSR. A CSR (Certificate Signing Request) is a file generated by the user containing their public key and identifying information, encrypted with their private key to prove possession, sent to a Certificate Authority to request a certificate.
  • C. Root Certificate. A root certificate is the self-signed top-level certificate in a PKI hierarchy that serves as the trust anchor, not a request file sent to a CA.
  • D. OCSP Response. An OCSP (Online Certificate Status Protocol) Response is a real-time status message indicating whether a certificate is valid, revoked, or unknown, not a certificate request.

Question 24: A browser validates a website's certificate by checking a pre-installed certificate at the top of a trust hierarchy. What is this ultimate trust anchor called?

  • A. Intermediate Certificate. An intermediate certificate is issued by the root CA and issues end-entity certificates, but it is not the ultimate trust anchor at the top of the hierarchy.
  • B. Root of Trust. The root of trust is the ultimate anchor point in a PKI hierarchy, typically a self-signed root certificate pre-installed in browsers and operating systems, from which all certificate validation chains must originate.
  • C. Certificate Signing Request. A Certificate Signing Request is a message sent to a CA to apply for a certificate, not a trust anchor used for validation.
  • D. Subject Alternative Name. A Subject Alternative Name is a field in a certificate that lists additional hostnames or IP addresses protected by the certificate, not a trust anchor.

Question 25: A security administrator needs to check if a certificate has been revoked before the expiration date. Which mechanism provides a real-time query to determine the current status of a certificate?

  • A. CRL. A CRL (Certificate Revocation List) is a periodically published list of revoked certificates that clients download, but it does not provide real-time queries and can be outdated.
  • B. OCSP. OCSP (Online Certificate Status Protocol) allows clients to query a responder in real-time to check the current revocation status of a specific certificate without downloading the entire CRL.
  • C. Root Certificate Store. The root certificate store contains trusted root CA certificates used to validate certificate chains, but it does not provide revocation status information for individual certificates.
  • D. CSR Validation. CSR validation is the process of verifying information in a certificate request before issuance, not a mechanism for checking if an existing certificate has been revoked.

Question 26: A Certificate Authority maintains a periodically updated list of certificates that should no longer be trusted before their scheduled expiration. However, a company no longer wishes to check the list periodically. Instead, they wish to have their browsers automatically retrieve the most recent information at regular intervals and attach it to handshake requests. What is the best solution?

  • A. CRL. A CRL (Certificate Revocation List) is a list maintained by a Certificate Authority containing serial numbers of certificates that have been revoked before their scheduled expiration dates.
  • B. OCSP Staple. An OCSP Staple is a time-stamped OCSP response attached to the TLS handshake by the server, not the periodically updated list maintained by the CA itself.
  • C. CSR. A CSR (Certificate Signing Request) is a message sent to a CA to request certificate issuance, not a list of revoked certificates.
  • D. Subject Name Attribute. Subject Name Attributes are fields in a certificate that identify the subject, such as Common Name or Organization, not a list of revoked certificates.

Question 27: A system needs to ensure non-repudiation so that a business partner cannot later deny having signed a contract. The sender encrypts a hash of the document with their private key. What is the best description of this mechanism?

  • A. Symmetric encryption. Symmetric encryption provides confidentiality by encrypting data with a shared secret key, but it does not inherently provide non-repudiation because either party could have created the ciphertext.
  • B. Digital Signature. A digital signature is created by encrypting a hash of the document with the sender's private key, providing non-repudiation because only the sender possesses that private key, proving they signed it.
  • C. Key escrow. Key escrow involves storing copies of encryption keys with a third party for recovery purposes and does not provide authentication or non-repudiation for document signing.
  • D. Diffie-Hellman exchange. Diffie-Hellman is a protocol for securely exchanging cryptographic keys over a public channel, not a mechanism for creating signatures that provide non-repudiation.

Question 28: An organization must retain access to encrypted data even if an employee leaves and forgets their password, by storing a copy of the decryption key with a trusted third party. What is the best solution for this?

  • A. Key stretching. Key stretching is a technique to make password cracking more difficult by using intensive computational hashing, not a method for retaining access to encrypted data after password loss.
  • B. Key escrow. Key escrow is the practice of storing copies of decryption keys with a trusted third party so that encrypted data can be recovered even if the original user forgets their password or leaves the organization.
  • C. Perfect Forward Secrecy. Perfect Forward Secrecy ensures that session keys are ephemeral and past communications remain secure even if long-term keys are compromised, which is the opposite of retaining access to old data.
  • D. Salting. Salting adds random data to passwords before hashing to prevent rainbow table attacks and is unrelated to key recovery or data retention when passwords are forgotten.

Question 29: A web server presents a certificate containing multiple DNS names (e.g., www.example.com and example.com) in a specific field that modern browsers check instead of the Common Name. What is this field called?

  • A. Subject Alternative Name (SAN). The Subject Alternative Name field in a certificate allows the inclusion of multiple DNS names, IP addresses, or other identifiers, and modern browsers check this field instead of or in addition to the Common Name.
  • B. Organizational Unit. Organizational Unit is a field in the certificate subject that identifies a department or division within an organization, not a field for listing multiple DNS names.
  • C. Certificate Authority. Certificate Authority refers to the entity that issued and signed the certificate, not a field within the certificate that lists subject DNS names.
  • D. Root of Trust. Root of Trust refers to the ultimate anchor certificate used to validate the certificate chain, not a field containing DNS names for the subject.

Question 30: A company needs to deploy a secure wireless network protocol that protects against offline dictionary attacks and provides forward secrecy to ensure that previously captured traffic cannot be decrypted even if the network password is compromised in the future. Which is the BEST protocol to implement?

  • A. WPA2-Personal using Pre-Shared Key (PSK) authentication. WPA2-PSK is vulnerable to offline dictionary attacks where an attacker captures the four-way handshake and attempts to crack the password offline, and it lacks forward secrecy meaning that if the pre-shared key is compromised, all previously captured traffic can be decrypted retroactively.
  • B. WPA3-Personal using Simultaneous Authentication of Equals (SAE). WPA3-Personal with SAE (also known as Dragonfly Key Exchange) prevents offline dictionary attacks by using a secure password-authenticated key exchange where each handshake is unique even with the same password, and it provides forward secrecy by generating session keys that are not derived from the password, ensuring past traffic remains secure even if the password is later compromised.
  • C. WPA with Temporal Key Integrity Protocol (TKIP). WPA-TKIP is an outdated protocol that uses the weak RC4 cipher, is vulnerable to various attacks, and does not provide protection against offline dictionary attacks or forward secrecy as required by the scenario.
  • D. WEP with 128-bit RC4 encryption. WEP is a cryptographically broken protocol that uses RC4, is vulnerable to rapid key recovery attacks, offers no forward secrecy, and can be cracked within minutes using readily available tools, making it completely unsuitable for any security requirement.