Security+ Academy · Lesson

High-Frequency Exam Topics Review

Drill the concepts that consistently appear on Security+ exams — cryptography, PKI, IAM, IR lifecycle, risk management, and protocol comparison tables.

Cryptography High-Frequency Topics

Cryptography is one of the most tested topic areas on Security+. Master these comparisons:

Symmetric vs asymmetric: symmetric (AES, 3DES) is faster and used for bulk data encryption; asymmetric (RSA, ECC) is slower but solves key distribution (used for key exchange and signatures).

Key sizes to know: RSA-2048 minimum for current security, AES-128 or AES-256 for symmetric.

Common algorithms: SHA-256/SHA-3 for hashing, HMAC for message authentication, ECDHE for key exchange, AES-GCM for authenticated encryption.

Questions often ask you to select the correct algorithm for a specific use case, so know which algorithm class (symmetric/asymmetric/hash/MAC) applies to each scenario.

# Quick algorithm reference
# Symmetric encryption: AES-128/256 (fastest, bulk data)
# Asymmetric (encryption and signatures): RSA-2048/4096, ECDSA P-256 (signatures only)
# Key exchange: ECDHE, DHE (ephemeral = forward secrecy)
# Hashing: SHA-256, SHA-384, SHA3-256
# Password hashing: Argon2id, bcrypt, PBKDF2
# Message authentication: HMAC-SHA256
# Authenticated encryption: AES-GCM, ChaCha20-Poly1305
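
The hash, MAC and password-hashing rows above are the ones most often confused in use-case questions. The following Python sketch is an added example, not part of the original lesson: it shows a bare SHA-256 digest accepting an altered message while HMAC-SHA256 rejects it, and a salted PBKDF2 password check. The sample message, the function names and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def hash_check(message: bytes, digest: bytes) -> bool:
    """Hash alone: detects accidental change, but anyone can recompute it."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def mac_tag(key: bytes, message: bytes) -> bytes:
    """MAC: HMAC-SHA256 binds the message to a shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_check(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so the comparison leaks no timing hint.
    return hmac.compare_digest(mac_tag(key, message), tag)

def store_password(password: str) -> tuple:
    """Password hashing: a slow, salted KDF (PBKDF2 here), never a bare SHA-256."""
    salt = os.urandom(16)  # unique per user, stored beside the derived key
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, derived

def check_password(password: str, salt: bytes, derived: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, derived)

def tamper_demo() -> dict:
    """The message is altered in transit by a party that does not hold the key."""
    key = os.urandom(32)                # shared only by sender and receiver
    original = b"amount=100;to=alice"   # constructed sample message
    altered = b"amount=900;to=alice"    # constructed altered copy
    tag = mac_tag(key, original)
    # A bare digest travels with the message, so it can simply be recomputed.
    recomputed_digest = hashlib.sha256(altered).digest()
    return {
        "hash_accepts_altered": hash_check(altered, recomputed_digest),
        "mac_accepts_original": mac_check(key, original, tag),
        "mac_accepts_altered": mac_check(key, altered, tag),
    }

if __name__ == "__main__":
    print(tamper_demo())
    salt, derived = store_password("correct horse battery staple")
    print(check_password("correct horse battery staple", salt, derived))
```

The takeaway for scenario questions: a hash answers "did the data change?", a MAC answers "did it change and did a key holder produce it?", and a password hash is deliberately slow and salted so that identical passwords do not produce identical stored values.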

PKI Components and Roles

PKI questions are common and often scenario-based. Know these roles precisely:

Root CA: top of the trust hierarchy, self-signed certificate, typically kept offline.

Intermediate/Subordinate CA: signs end-entity certificates, online, allows the Root CA to stay offline.

Registration Authority (RA): verifies identity before a CA issues a certificate (can be separate from the CA).

CRL (Certificate Revocation List): periodically published list of revoked certificates.

OCSP (Online Certificate Status Protocol): real-time revocation check.

OCSP Stapling: the server pre-fetches the OCSP response and staples it to the TLS handshake, reducing latency.

Certificate fields: subject, issuer, validity period, public key, SAN (Subject Alternative Names), extensions.
