312-50v12 Exam QuestionsBrowse all questions from this exam
Go to Exam

312-50v12 Exam - Question 190

You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloud based application that handles sensitive customer data. To ensure that the data is protected from breaches, you have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you want to also implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?

Show Answer
Correct Answer: AC

To detect if the data was tampered with during transmission, you should encrypt the data using the AES algorithm before transmission and incorporate a mechanism for verifying the integrity of the data, such as using a Hash-based Message Authentication Code (HMAC). This approach ensures both confidentiality through encryption and integrity by detecting any tampering during transmission.

Discussion

9 comments
Sign in to comment
insaniuntOption: A
Feb 11, 2024

A. Implement IPsec in addition to SSL/TLS.

LeongCC
Feb 22, 2024

Agree!

brrbrrOption: C
Feb 21, 2024

C. To address data integrity, it is common to use encryption in combination with message authentication codes (MAC) or hash functions. In this case, encrypting the data using the AES algorithm before transmission and incorporating a mechanism for verifying the integrity of the data (such as using a HMAC - Hash-based Message Authentication Code) would help detect if the data was tampered with during transmission. Options A, B, and D do not specifically address the need for integrity checking during transmission: A. Implement IPsec in addition to SSL/TLS: IPsec is used for network layer security and could be redundant when SSL/TLS is already in place. B. Switch to using SSH for data transmission: While SSH provides encryption and integrity checking, it may not be the best choice for application-level data transmission, especially in a cloud environment. D. Use the cloud service provider's built-in encryption services: it may not be sufficient for ensuring integrity during data transmission unless combined with an appropriate integrity verification mechanism.

anarchyeagleOption: A
Feb 28, 2024

Chat GPT: Implement IPsec in addition to SSL/TLS: IPsec (Internet Protocol Security) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to be used during the session. IPsec can be used in conjunction with SSL/TLS to provide an additional layer of security that includes integrity checks, ensuring that data has not been tampered with during transmission. This approach adds another layer of security that operates at a different layer of the network stack, providing comprehensive protection for data in transit.

John07
Apr 3, 2024

How did you "implement encryption for both data-at-rest and data-in-transit" using IPSec and SSL/TLS ?

evilrabbit
Apr 16, 2024

The key phrase here is "a mechanism to detect if the data was tampered with during transmission", so the correct answer is A

misolchangOption: C
Feb 23, 2024

ChatGPT said: Given these options, the most suitable choice for ensuring both confidentiality and integrity during data transmission is: C. Encrypt data using the AES algorithm before transmission. To ensure data integrity, you can also incorporate a message authentication code (MAC) or a digital signature along with AES encryption. This way, you'll have both encryption for confidentiality and a mechanism for detecting tampering during transmission.

JR22craftOption: C
Feb 25, 2024

C. Encrypt data using the AES algorithm before transmission. IPSec is redundant

DruSupermanOption: A
Mar 5, 2024

I think this addresses it. From Module 3 PG 391 To maximize network security, use strong encryption for all traffic placed on transmission media without considering its type and location. This is the best method to prevent IP spoofing attacks. IPSec can be used to drastically reduce the IP spoofing risk, as it provides data authentication, integrity, and confidentiality.

qtygbapjpesdayazkoOption: D
Mar 16, 2024

Is C. key word " implement encryption for both data-at-rest and data-in-transit"

LordXanderOption: A
Apr 2, 2024

The only option that is valid, is A. C is indeed a strong encryption algorithm but standalone doesn't have the capabilities of detecting data tempering

LoveBug4Option: A
Jun 25, 2024

IPsec provides data encryption and data integrity. Module 11, page 1592