How do end-to-end encryption principles apply to APIs?
End-to-end encryption (E2EE) ensures that data can only be read by the sender and the intended recipient, preventing service owners or third parties from accessing the data while it is being transferred. This principle is directly applied to APIs by ensuring that the data transmitted via the API is encrypted in such a way that only the endpoints with the appropriate decryption keys can access it.
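The explanation above, as an added example that is not part of the original discussion: a client seals an API request body for the recipient's X25519 public key, so a relay server in the path stores only ciphertext and any change made in transit fails authentication. The names `deriveKey`, `seal`, `unseal` and `relay` and the sample message are constructed for illustration, and the recipient's public key is assumed to reach the sender authentically.

```javascript
// Added example: an E2EE request body relayed by an API server that holds no key.
const crypto = require('crypto');

// Derive the AES-256-GCM key from the X25519 shared secret (HKDF-SHA256).
function deriveKey(privateKey, publicKey, ephPub) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, ephPub, 'api-e2ee-example', 32));
}

// Sender endpoint: seal the body for the recipient's public key.
// Assumption: that public key was obtained authentically; a substituted key
// would let a man-in-the-middle read the data despite the encryption.
function seal(recipientPublicKey, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const key = deriveKey(eph.privateKey, recipientPublicKey, ephPub);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(ephPub); // bind the ephemeral key to the ciphertext
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const b64 = (b) => b.toString('base64');
  return { epk: b64(ephPub), iv: b64(iv), ct: b64(ct), tag: b64(c.getAuthTag()) };
}

// Recipient endpoint: re-derive the key, verify the GCM tag, decrypt.
// Throws if the envelope was modified or the private key is the wrong one.
function unseal(recipientPrivateKey, env) {
  const ephPub = Buffer.from(env.epk, 'base64');
  const publicKey = crypto.createPublicKey({ key: ephPub, type: 'spki', format: 'der' });
  const key = deriveKey(recipientPrivateKey, publicKey, ephPub);
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'base64'));
  d.setAAD(ephPub);
  d.setAuthTag(Buffer.from(env.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(env.ct, 'base64')), d.final()]).toString('utf8');
}

// Hypothetical API relay: everything the service owner stores or forwards.
function relay(env) { return JSON.stringify(env); }

// Constructed sample run.
const recipient = crypto.generateKeyPairSync('x25519');
const message = '{"account":"constructed-0001","amount":100}';
const stored = relay(seal(recipient.publicKey, message));
console.log('server sees plaintext:', stored.includes('account'));
console.log('recipient reads:', unseal(recipient.privateKey, JSON.parse(stored)));
```

TLS would still wrap this exchange hop by hop; the sealed envelope is what keeps the body unreadable at the relay itself.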
It's C
C ......
A is correct. In many messaging services, third parties store the data, which is encrypted only in transit. This server-side encryption method secures the data from unauthorized viewers only. But as an effect of this method, the sender can view the information, too, which can be undesirable in cases where data privacy at all points is needed.
In the case of end-to-end encryption, encrypted data is only viewable by those with decryption keys. In other words, E2EE prevents unintended users, including third parties, from reading or modifying data when only the intended readers should have this access and ability.
But the end-to-end encryption has the following challenges:
- Endpoint Security
- Man-in-the-Middle
- Backdoors
https://www.ibm.com/topics/end-to-end-encryption
IMO, if owners try to access data in motion, it will still be the same as MitM
As this question mentions end-to-end encryption, it clearly is about the communication (C) and not about the endpoints (A&B&D).
Agree with designated. But the end-to-end encryption has the following challenges:
- Endpoint Security
- Man-in-the-Middle
- Backdoors
https://www.ibm.com/topics/end-to-end-encryption
I guess A and C are correct. Maybe something was misspelled when writing the answers.
MITM is done by the HTTPS protocol already
Not C, because C (The API data is protected against man-in-the-middle attacks) ❌ While TLS encryption prevents man-in-the-middle (MITM) attacks, E2EE is not primarily designed for this purpose. E2EE ensures only the intended recipient can read the data, even if MITM attackers or service providers intercept it.