Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates.
Which of the following protocols is used by Bella?
Bella implemented FTPS (File Transfer Protocol Secure) to address the security breach. FTPS is an extension of FTP that incorporates Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt data transfers and use digital certificates, making it secure against session hijacking and ensuring safe transfer of sensitive data.
Both A and C fits the criteria, but the keyword is she 'transfers', indicating she initially used FTP, hence ftps
A. FTPS FTPS includes full support for the TLS and SSL cryptographic protocols, including the use of server-side public key authentication certificates and client-side authorization certificates. It also supports compatible ciphers, including AES, RC4, RC2, Triple DES, and DES. It further supports hash functions SHA, MD5, MD4, and MD2. https://en.wikipedia.org/wiki/FTPS
Another poorly worded question with two correct answers, A. FTPS and C. HTTPS are both correct. But if you want to pass the test, the CEH "most correct" answer is A. FTPS per the other comments in this thread. This was a question for me when I took the exam on 13 Dec 2023.
C. HTTPS Explanation: HTTPS (Hypertext Transfer Protocol Secure) is a protocol used to secure communication over the internet. It is an extension of HTTP (Hypertext Transfer Protocol) and uses Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt data sent between a web server and a client. HTTPS ensures that data transmitted between a web server and a client is encrypted and therefore secure against eavesdropping and tampering. In the given scenario, Bella implemented a protocol that sends data using encryption and digital certificates to address the security breach caused by plaintext transmission of sensitive data. This is exactly what HTTPS does, making it the correct answer.
You are wrong because it specifically says transporting files, and not over the internet.
"breach occured while transferring files". FTPS is an extension of the FTP protocol that adds support for Transport Layer Security (TLS) or Secure Sockets Layer (SSL) encryption for securing file transfer. Bella could have implemented FTPS as a secure alternative to FTP, which uses plaintext for data transfer and is susceptible to session hijacking attacks.
Correct. Reference: CEH v12 Official book Pg no: 1584
A. FTPS See CEH v12 book Module 04 Page 504: "Enumeration Countermeasures: Implement secure FTP (SFTP) or FTP secure (FTPS) to encrypt the FTP traffic over the network"
"while transferring important files" I believe this is a dead giveaway to the correct answer A. FTPS
A and C are correct. FTPS and HTTPS meet the criteria
ChatGPT and ForefrontAI selected HTTPS
C. HTTPS
C. HTTPS HTTPS is considered more secure than FTPS. It provides end-to-end encryption and uses digital certificates for identity verification. FTPS adds an SSL/TLS encryption layer to FTP but lacks comprehensive security. HTTPS offers stronger encryption and identity protection.
while transferring important files - that is FTP
FTPS adds SSL/TLS encryption to FTP Answer is A
Modern policies like GDPR and HIPAA favor secure transfers, elevating SFTP as the top recommendation.
AS IT'S REFERS TRANFER OF FILE SO IT IS FTP