nerdexam
CompTIA

CAS-003 · Question #369

A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which

The correct answer is A. Use an entropy-as-a-service vendor to leverage larger entropy pools.. Cryptographic key strength depends heavily on the quality of entropy (true randomness) used during key generation. Pseudo-random number generators (PRNGs) are deterministic algorithms - they produce sequences that appear random but are mathematically predictable given the seed va

Enterprise Security Architecture

Question

A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which of the following is the BEST solution?

Options

  • AUse an entropy-as-a-service vendor to leverage larger entropy pools.
  • BLoop multiple pseudo-random number generators in a series to produce larger numbers.
  • CIncrease key length by two orders of magnitude to detect brute forcing.
  • DShift key generation algorithms to ECC algorithms.

How the community answered

(48 responses)
  • A
    83% (40)
  • B
    8% (4)
  • C
    2% (1)
  • D
    6% (3)

Explanation

Cryptographic key strength depends heavily on the quality of entropy (true randomness) used during key generation. Pseudo-random number generators (PRNGs) are deterministic algorithms - they produce sequences that appear random but are mathematically predictable given the seed value. This makes them vulnerable to predictive analysis attacks. An entropy-as-a-service (EaaS) vendor provides access to large pools of true entropy, often harvested from physical phenomena (hardware noise, atmospheric data, quantum events), making the generated keys genuinely unpredictable. Option B is wrong because chaining multiple PRNGs still produces pseudo-random output - garbage in, garbage out. Option C (increasing key length) improves brute-force resistance but does nothing to address the predictability of the key generation process itself. Option D (ECC) changes the mathematical algorithm for key operations but doesn't address the entropy source used to generate the keys.

Topics

#entropy#key generation#cryptographic randomness#PRNG

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice