Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Comptia Discussions

Exam SY0-501 topic 1 question 668 discussion

Actual exam question from CompTIA's SY0-501
Question #: 668
Topic #: 1
[All SY0-501 Questions]

A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy.
Which of the following protocols supports the strategy and employs certificates generated by the PKI? (Choose three.)

  • A. S/MIME
  • B. TLS
  • C. HTTP-Digest
  • D. SAML
  • E. SIP
  • F. IPSec
  • G. Kerberos
Show Suggested Answer Hide Answer
Suggested Answer: ABC 🗳️
by MelvinJohn at March 16, 2020, 7:59 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
MagicianRecon
Highly Voted 3 years, 10 months ago
Answers are correct. Don't look at Melvin's responses. Not sure from where he gets his flawed knowledge. SFTP supports public key cryptography since it is basically tunnelled through SSH. Authentication and data in transit is protected. Once the files are written to the server, they are no longer protected IPSec is not related to PKI. It makes use of IKE SA's and using AES/DES is subjective. Nothing is defined within IPSec to make use of a particular algo https://security.stackexchange.com/questions/183279/ip-security-ipsec-vs-public-key-infrastructure-pki#183288 https://www.coviantsoftware.com/technology-briefs/what-is-secure-ftp/
upvoted 33 times
KerryB
3 years, 8 months ago
I think ABDEF are the true answers. I hope this question is not on the exam. https://www.nsoftware.com/kb/articles/legacy/sbb/ftps-vs-sftp.rst For authentication FTPS (or, to be more precise, the SSL/TLS protocol under FTP) uses X.509 certificates, while SFTP (the SSH protocol) uses SSH keys. X.509 certificates include the public key and certain information about the certificate owner. https://www.google.com/search?source=hp&ei=ZLUtX_yTEIrv_QbworO4Cg&q=Does+SAML+use+certificates&oq=Does+SAML+use+certificates&gs_lcp=CgZwc3ktYWIQAzIICCEQFhAdEB46EQguELEDEIMBEMcBEKMCEJMCOgsILhCxAxDHARCjAjoICAAQsQMQgwE6CAguEMcBEK8BOggILhCxAxCDAToCCAA6DgguELEDEMcBEKMCEJMCOg4ILhCxAxCDARDHARCjAjoCCC46BQgAELEDOgUILhCxAzoICC4QsQMQkwI6BggAEBYQHjoFCCEQoAE6BwghEAoQoAFQ7wpYmnVgpHZoEXAAeAGAAfsCiAGMJZIBCTE0LjIxLjIuMpgBAKABAaoBB2d3cy13aXo&sclient=psy-ab&ved=0ahUKEwj81cSo84nrAhWKd98KHXDRDKcQ4dUDCAw&uact=5#spf=1596831091797 Your SAML applications use X.509 certificates to confirm the authenticity and integrity of messages shared between the Identity Provider (IdP) and the Service Provider (SP).
upvoted 1 times
KerryB
3 years, 8 months ago
https://andrewjprokop.wordpress.com/2015/02/24/understanding-security-certificates-for-sip-clients/ This brings up two questions. First, do I need a certificate on my SIP client? The answer is “yes.” You will not be able to encrypt signaling or data without one. ... In SIP, we deal with two forms of encryption. – signaling and media. Encryption of SIP signaling is accomplished with Transport Layer Security (TLS) and encryption of media is done with Secure Real-Time Protocol (SRTP). Used together, an enterprise can be assured that all aspects of its communication traffic remain private. https://sites.google.com/site/amitsciscozone/home/ipsec/site-to-site-ipsec-vpn-using-digital-certificates IPSec with digital certificate provides the most secure and scalable way to implement a VPN. https://stackoverflow.com/questions/111386/difference-between-ssl-and-kerberos-authentication SSL uses public key cryptography. Kerberos does not use public key cryptography
upvoted 1 times
...
...
Eluis007
2 years, 4 months ago
SFTP??? You are worse than MalkolmJohn
upvoted 1 times
...
...
MelvinJohn
Highly Voted 3 years, 10 months ago
ABC - "To encrypt and sign all proprietary data in transit" and "employs certificates generated by the PKI" A. S/MIME yes S/MIME uses PKI to provide authentication and encryption of email. B. TLS yes TLS has several encryption and encoding standards, some support PKI. C. SFTP yes SSH in SFTP uses public key cryptography D. SAML no not data in transit E. SIP no not data in trans F. IPSec no no PKI G. Kerberos no no PKI
upvoted 16 times
...
ID77
Most Recent 1 month, 1 week ago
According to Darril Gibson 601 guide the provided answers are correct. For reference P. 373,374. Data in transit: TLS, S/MIME and HTTPS transport encryption.
upvoted 1 times
...
ID77
1 month, 1 week ago
According to Darril Gibson 601 guide the provided answers are correct. For reference P. 373,374. Data in transit: TLS, S/MIME and HTTPS transport encryption.
upvoted 1 times
...
AkilaM
2 years, 10 months ago
what is HTTP-Digest?
upvoted 2 times
...
jackoffson9
2 years, 11 months ago
The C answer provided here is supposed to be SFTP
upvoted 3 times
...
Amy24
3 years, 3 months ago
IPsec needs session keys to operate. The procedure for obtaining those is not specified by the IPsec. A method for gaining the keys is to use the Internet Key Exchange (IKE). IKE requires some method for user authentication. The methods that could be selected are based on symmetric or asymmetric keys. Public Key Infrastructure (PKI) can be used to provide user authentication using asymmetric keys. PKI is a scalable user authentication method where the user identity is based on private keys and certificates. When a PKI-based user authentication is used in IPsec concept, the PKIfunctionality can be implemented as a PKI library that implements the protocols and functions that are needed.
upvoted 1 times
Heymannicerouter
2 years, 11 months ago
IPsec doesn't use PKI to protect data-in-transit though, which is what the question is asking.
upvoted 1 times
...
...
MichaelLangdon
3 years, 4 months ago
A B C easy as 1 2 3
upvoted 2 times
exiledwl
3 years, 3 months ago
as simple as DO RE MI
upvoted 2 times
...
...
Not_My_Name
3 years, 6 months ago
SFTP = Secure Shell File Transport Protocol. SSH uses PKI and you should always generate a key pair before use. (Putty Screenshot: https://docs.rightscale.com/img/faq-PuTTY_Output.png) So, ABC is correct.
upvoted 2 times
...
Estiva
3 years, 7 months ago
Answer is definitely ABF PKI support for IPsec Public Key Infrastructure (PKI) provides certificate management to support secured communication for security protocols such as IP security (IPsec).
upvoted 3 times
...
MelvinJohn
3 years, 10 months ago
Had plenty of time to review due to covid-19. Final thoughts: [note: question specifies data in transit] ABF - "To encrypt and sign all proprietary DATA IN TRANSIT" and "employs certificates generated by the PKI" A. S/MIME yes - uses PKI to provide authentication and encryption of email for data in transit. B. TLS yes - TLS has several encryption and encoding standards, some support PKI for data in transit. C. SFTP no – for authentication only – not for data in transit D. SAML no - not data in transit E. SIP no - not data in transit F. IPSec yes – IPsec MAY use PKI – may also use DES or AES – to encrypt data in transit G. Kerberos no - no PKI
upvoted 4 times
MagicianRecon
3 years, 10 months ago
Took you 3 months to change answers multiple times. You are a great help to all potential test takers
upvoted 19 times
vaxakaw829
3 years, 8 months ago
I recently developed a defense mechanism against MelvinJohn's distractive comments :)
upvoted 14 times
Waffa
3 years, 7 months ago
agree he is a big confuser guy , i start avoiding read his command,
upvoted 12 times
...
...
choboanon
3 years, 8 months ago
Wasn't sure if you're sarcastic, I appreciate his efforts more than people who leave an asnwer with no explanation. At least he came back to think it over. Better than most
upvoted 9 times
...
...
...
JJ_here
3 years, 11 months ago
- S/MIME is based on asymmetric cryptography that uses a pair of mathematically related keys to operate – a public key and a private key. - TLS uses PKI certificates to authenticate parties communicating with each other as well as encrypting the communication session. - SFTP provides an alternative method for client authentication. It's called SFTP public key authentication.
upvoted 1 times
...
certpro
3 years, 11 months ago
https://statemigration.com/compare-sftp-ftps-and-ipsec/ I support ABC , SFTP supports PKI and certificates , but, IPSec lack of digital certificates.
upvoted 5 times
...
MelvinJohn
4 years, 1 month ago
ABD Any protocol that uses either SSL or TLS, uses certificates to exchange Public Keys, and then the Public Keys are used to securely exchange Private Keys. Install a Windows-based Certification Authority and set up a public key infrastructure to issue S/MIME certificates. But - For authentication FTPS uses X. 509 certificates, while SFTP (the SSH protocol) uses SSH keys. On the other hand, with SAML you need to generate a set of public and private keys and an X.509 certificate. https://support.google.com/a/answer/6349922?hl=en
upvoted 2 times
MelvinJohn
4 years, 1 month ago
Update: ABD (or ABDF?) Any protocol that uses either SSL or (B) TLS, uses certificates to exchange Public Keys, and then the Public Keys are used to securely exchange Private Keys. Install a Windows-based Certification Authority and set up a public key infrastructure to issue (A) S/MIME certificates. (NOT C) - SFTP (the SSH protocol) uses SSH keys. On the other hand, with (D) SAML you need to generate a set of public and private keys and an X.509 certificate. A popular way for network administrators to scale an (F) IPsec network is to use digital certificates instead of preshared keys. (NOT E) SIP is for media coms. (NOT G) With Kerberos, you can be authenticated by your password
upvoted 2 times
MelvinJohn
4 years, 1 month ago
SAML uses certificates - but not for data in transit - for authentication. The question addresses "data in transit." So best answer is ABF. All use certificates and apply to data in transit.
upvoted 2 times
MelvinJohn
4 years, 1 month ago
ABC is correct - Like SFTP, HTTPS also uses Public Key Infrastructure.
upvoted 2 times
Lains2019
3 years, 11 months ago
SFTP is different from FTPS. SFTP = SSH FTP, uses SSH keys. HTTPS and FTPS use Public Key Infrastructure.
upvoted 2 times
...
...
...
Lains2019
3 years, 11 months ago
I vote for A,B,F
upvoted 6 times
rameces
3 years, 7 months ago
also me ABF
upvoted 1 times
...
...
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel